Located in vibrant downtown Montreal, Explorance is a rapidly growing software company recognized for its unique workplace culture.
Currently, we are looking for an exceptional IT Security and Privacy Officer who thrives in a demanding, fast-moving environment to join our dynamic team.
This is a new position and is responsible for Explorance's overall Information Security Program, including but not limited to: daily operations of the security program; oversight of the annual and ongoing risk assessment process; development, implementation, and maintenance of policies and procedures; ensuring the confidentiality, integrity and access of electronic protected health information; monitoring program compliance; and investigating and tracking incidents and breaches, in compliance with federal and state laws.
What you will do as our new IT Security and Privacy Officer:
- Builds a strategic and comprehensive information security program that defines, develops, maintains and implements policies and processes that enable consistent, effective information security practices which minimize risk and ensure the integrity, confidentiality and availability of information that is owned, controlled and processed within Explorance.
- Ensures information security policies, standards, and procedures are up-to-date.
- Initiates, facilitates, and promotes activities to foster information security awareness within the organization.
- Creates a culture of cyber security, both with the IT organization and by driving behavioral changes for the business.
- Evaluates security trends, evolving threats, risks and vulnerabilities and applies tools to mitigate risk as necessary.
- Manages security incidents and events involving IT systems.
- Ensures that disaster recovery, business continuity, risk management and access control needs are addressed.
- Ensures compliance with the administrative, technical and physical safeguards.
- Serves in a leadership and functional role for security compliance.
- Works closely with the Director of the Business process to ensure alignment between security and privacy compliance programs including policies, practices and investigations, and acts as the point of contact for the information systems and compliance departments.
- Is responsible for initial and periodic information security risk assessment / analysis, mitigation and remediation. Responsible for development and implementation of a security risk management plan.
- Ensures the organization has audit controls to monitor activity on electronic systems that contain or use electronic protected health information.
- Oversees periodic monitoring and reviewing of audit records to ensure that activity is appropriate. Such activity would include, but is not limited to, logons and logoffs, file accesses, updates, edits and printing.
- Ensures the organization has and maintains an appropriate system use and disclosure / confidentiality statement.
- Oversees, develops and / or delivers initial and ongoing security training to the workforce. Initiates, facilitates and promotes activities to foster information security awareness within the organization and related entities.
- Participates in the development, implementation, and ongoing compliance monitoring of all business agreements, to ensure security concerns, requirements, and responsibilities are addressed.
- Establishes and administers a process for investigating and acting on security incidents which may result in a privacy breach.
- Partners with Human Resources and Business Process to ensure consistent sanctions for security violations.
- Maintains current knowledge of applicable local, federal and international laws, as well as certification requirements and accreditation standards.
- Serves as an information security consultant to all departments for all data security related issues.
Here’s what you’ll bring to the role
- Baccalaureate degree in information systems security or a related IT security certification such as CISSP, CISM, CISA, CCSP
- Security industry related knowledge and credentials, such as NIST 800-53, ISO 27001, OWASP
- Knowledge and experience in local and federal information security laws, such as PIPEDA, FERPA, GDPR, FedRAMP
- Demonstrated organization, facilitation, written and oral communication, and presentation skills.
- Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
- Demonstrated skills in verbal communication and listening.
- Demonstrated skills in providing excellent service to customers.
- Excellent writing skills.
- A high level of integrity and trust.