Overview

This is a remote position and can be located anywhere in Canada

THERE’S A LOT TO SMILE ABOUT

The Smile CDR platform enables people and organizations to manage healthcare data better. It’s built around a standard made by HL7 called FHIR, which acts as a new universal language for healthcare data. Different information technology systems can communicate by speaking the same data language.

Smile CDR is a strong brand with established trust and reputation in global healthcare technology markets. This newly created role will help enable interoperability of the organization’s health systems using a standards-based product that leverages the most proven FHIR implementation globally.

Let’s make a difference!

BE PART OF THE TEAM WORKING TOWARDS #BETTERGLOBALHEALTH

As a Senior Cloud Security Analyst, you will manage risk and security-related requirements for Managed Services in the cloud and on the Smile CDR platform. The primary focus of this position will be on evaluating technology controls, supporting audits, conducting risk assessments, investigating incidents, enhancing security and supporting relevant compliance programs with the managed services team’s appropriate privacy and security frameworks.

Responsibilities:

  • Perform security scanning/ testing, controls testing, document results, and provide detailed updates to internal colleagues.
  • Conduct vulnerability assessments regularly per contractual agreement and compliance requirements.
  • Act as part of the SecOps team and ensure compliance with all security requirements.
  • Proactively identify gaps or conflicts in existing processes and help develop solutions with colleagues.
  • Perform assessments of systems, networks, and applications in Smile CDR cloud environments and readily address vulnerabilities identified.
  • Assist with remediation of control deficiencies and security gaps.
  • Research and perform tests with cutting-edge security tools.
  • Generate regular reports and technical documentation for the SecOps team.
  • Assist with the education and training of process/control owners to better understand technology control frameworks and their responsibilities.
  • Assist with other security aspects, including vendor security assessments and customer audit needs.
  • Facilitate third-party attestations, audits, and certification efforts for the organization.
  • Assist IT Operations team and IT Security and Privacy Governance teams with maintaining coverage of applicable privacy laws and regulations.
  • Closely follow emerging IT Security technologies.
  • Guide on privacy risks and advise on the application of privacy requirements.
  • Work with the Cloud Operations and various implementation teams to ensure best practices.
  • Work to integrate various security technologies with ITSM tools.
  • Respond to incidents as required.

Requirements:

  • 3+ years experience with Linux, networking, docker and security combined with at least 2+ years of experience in Azure, AWS or GCP, and containerized computing environments Solid Network and IT Security fundamentals.
  • Ability to utilize various assessment tools and navigate through logs to establish the root cause of issues.
  • Ability to work with various security tools and frameworks, including SOAR/ SIEM, Vulnerability Scanners, IDS/ IPS, and Cloud Security Posture Management.
  • Working knowledge of IT and Security compliance frameworks, such as HITRUST, GDPR, SOC 2, ISO 27001 and HIPAA, PHIPA, etc
  • 1+ years experience with the public (AWS, Azure, GCP or Oracle)
  • Experience in dealing with security issues and policy, as well as supporting audit and compliance requirements from a technical standpoint.
  • Ability to analyze system data, including, but not limited to, security and network event logs, web, anti-virus, DLP, syslogs, IPS and firewall logs.
  • Experience in access control and identity management for on-premise and cloud environments.
  • The capacity to accommodate a flexible schedule (for audits and security incidents) and work on a regular on-call rotation.
  • Experience working with and having access to confidential & sensitive information and interfacing with senior business leaders as a technical resource.
  • Proven knowledge of working with SOAR/SIEM, vulnerability scanners, IDS/IPS, and Cloud security.
  • Must have experience with access control and identity management.
  • Analyze security, network logs and supporting audit and compliance requirements from a technical and operational standpoint.
  • 3+ years of network and security troubleshooting.
  • Completed a college diploma in IT security or networking or a similar subject field preferred.
  • Previous experience with a cloud, network and security certification preferred.

Smile CDR’s core values are respecting, embracing our differences, and celebrating our shared values. Our people are the foundation of our success, and we remain dedicated to building diverse and inclusive teams. We welcome and encourage candidates of all backgrounds to apply. Please let us know if you require accommodations or have questions during the application process.