This is a remote position and can be located anywhere in Canada


Smarter decisions, fewer barriers, and better incentives are just the beginning. Smile CDR makes it easy for healthcare stakeholders to collect and exchange data with our leading FHIR-based data liberation platform.

We reduce barriers between information and care for those who deliver or consume health services and products and whose roles or care are hindered by fractured, inaccessible or complex information systems.

Let’s make a difference!


As an Information Security Analyst, you will be responsible for providing project support, vulnerability management, business continuity, disaster recovery and auditing requirements to support the operations of multiple healthcare clients and the internal operations of Smile CDR.


  • Review and manage vulnerabilities identified by security operations, quality assurance, or other sources.
  • Conducts regular access reviews and audits of staff and vendor activity related to internal services or client environments.
  • Manage client requests such as security reports, audit requests and questionnaires as required.
  • Will serve as alternate/backup Incident Manager for Privacy and Security incidents as reported internally or from clients.
  • Act as the Information Security lead for organizational business continuity plan and ensure that the obligations are met by all stakeholders.
  • Review and maintain client disaster recovery plans as necessary and act as a liaison.
  • Provide Information Security to various internal teams, including software developers.
  • Contribute to sales efforts such as questionnaires and RFPs as necessary.
  • Maintain technical standards supporting HITRUST, ISO 27001, and SOC 2  controls.
  • As needed, investigate incidents through the entire process lifecycle and collect necessary documentation and evidence.
  • Updates Privacy and Security standards and procedures as necessary.
  • Perform security reviews for network changes, software requests and add-on features and provide recommendations as needed.
  • Collaborates with the Client Services department to review privacy and security requirements.
  • Regularly validates privacy and security controls for cloud services and verifies with frameworks (ISO 27001, NIST, HITRUST, etc.)


  • A Bachelor’s degree or College diploma in Business, Engineering, IT, Healthcare or related field, or equivalent experience.
  • 3+ years in conducting vulnerability management.
  • At least one of the following certifications: CIPP/US, CISSP, or CISA.
  • 3+ years working with a large US-based healthcare organization, ideally in Information Security,  Privacy or Risk Management.
  • 3+ years of experience auditing user and patient access related to HIPAA.
  • 3+ years of experience providing information security expertise to web development.
  • Excellent communication skills, both verbally and written.
  • Can demonstrate logical thinking and handle complex situations under pressure.
  • Experienced in maintaining documentation.
  • Familiarity with cloud platforms such as Azure and AWS.
  • Ability to manage multiple tasks concurrently with little supervision.
  • Able to communicate effectively and adjust to different audiences depending on business focus (technical, privacy, legal, etc.)
  • Solid understanding of technical controls enforcing privacy and security requirements.
  • Ability to create policies, standards and procedures using the ISO 27001 standard or NIST framework.

Smile CDR’s core values are respecting, embracing our differences, and celebrating our shared values. Our people are the foundation of our success, and we remain dedicated to building diverse and inclusive teams. We welcome and encourage candidates of all backgrounds to apply. Please let us know if you require accommodations or have questions during the application process.