IT Security
7 months ago
Position Overview
The ideal candidate must possess strong 1LOD IT security leadership skills and demonstrated success in managing application, infrastructure and security functions within 1LOD, driving multiple complex and large-scale projects, and managing senior stakeholder relationships. The individual must be extremely disciplined and organized yet comfortable in a rapidly changing, dynamic environment. A high-energy, fast-paced, “roll up your sleeves” attitude, a commitment to success and a results-driven approach are essential. Strong verbal and written communication skills, as well as experience presenting to and influencing senior managers and business stakeholders, are prerequisites.
Role & Responsibilities
Key Responsibilities:
1. ICT Security Strategy
·Formulate the Entity ICT security work plan, and align it with Entity’s ICT security strategy; and
·Responsible for resourcing to meet the Entity’s strategic goals.
2. Gap Analysis
·Conduct gap analysis to identify ICT security risks faced by the Entity, and gauge the Entity’s ICT security posture and level of maturity against the Entity’s ICT security maturity model
3. Security Governance
·Maintain an overall view of the ICT security design, implementation and operations of ICT systems;
·Comply with Entity and HIM security requirements;
·Collate key security metrics which will be aggregated at the public healthcare level;
·Put in place and regularly review (annually, or whenever there are changes to its business/ICT environment) the security metrics; and
·Implement the Entity’s risk and control program to manage the security posture of the Entity’s systems
Requirements
4. Risk Management
·Ensure that all ICT systems perform a thorough ICT security risk assessment.
5. Incident Management
·Ensure systems have a defined process in place for the identification and management of incidents;
·Ensure systems have appropriate security controls in place to detect, prevent and recover from any security incident;
·Support the Cybersecurity Incident Response Manager (CSIRM) in the investigation and management of ICT security incidents; and
·Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills).
6. Secure Development Lifecycle
·Ensure that management and execution of all Entities’ ICT system development and project management are in compliance with HIM’s security and related requirements; and
·Review all Entity’s security testing reports (Vulnerability Assessments / Penetration Tests / Source Code Review) and ensure mitigation is performed satisfactorily.
7. Security Controls Implementation
Work with System Owners to ensure that the management and execution of all Entity’s ICT systems are operating in compliance with HIM’s security and other security requirements, including:
·Account and access management;
·Patching, hardening and management of deviations;
·Network connectivity to Healthcare Enterprise networks;
·Privileged and remote access user management; and
·Logging of key system events and activities to enable incident investigations.
8. ICT Asset Management
·Have full visibility of all Entity’s ICT systems and products across operating environments (Intranet, Internet, Extranet).