Job description
Working for a company like Smile Digital Health means supporting our mandate for #BetterGlobalHealth. We strive towards this goal every day, and the results can be seen in the impact of our innovative health data platform and data management solutions, which are used in over 20 countries. We were #19 on Deloitte’s Technology Fast 50 Ranking for 2024!
Smile Digital Health makes it easy for healthcare stakeholders to collect and exchange data with our leading FHIR-based data liberation platform.
At its heart, the Smile platform enables people and organizations to better manage healthcare data. We help generate and liberate structured healthcare data to ensure effective delivery across care teams and health systems bringing #BetterGlobalHealth to patients everyday!
Apply today and find plenty of reasons to SMILE!
Summary:
This position is responsible for managing risk and security related requirements for Managed Services, in the cloud and on the Smile Digital Health platform. The primary focus of this position will be on evaluating technology controls, supporting audits, conducting risk assessments, investigating incidents, enhancing security and supporting relevant compliance programs with the appropriate privacy and security frameworks for the Managed Services team.
Responsibilities:
- Perform security scanning / testing, controls testing, document results, and provide detailed updates to internal colleagues.
- Conduct vulnerability assessments regularly per contractual agreement and per compliance requirements.
- Act as part of the SecOps team and ensure compliance of all security requirements.
- Proactively identify gaps or conflicts in existing processes and help develop solutions with colleagues.
- Perform assessments of systems, networks, and applications in Smile Digital Health cloud environments and readily address vulnerabilities identified.
- Assist with remediation of control deficiencies and security gaps.
- Research and perform tests with cutting edge security tools.
- Generate regular reports and technical documentation for the SecOps team.
- Assist with the education and training of process / control owners so they better understand technology control frameworks and their responsibilities.
- Assist with other security aspects as needed including vendor security assessments, customer audit needs.
- Facilitate third-party attestations, audits, and certification efforts for the organization.
- Assist IT Operations team and IT Security and Privacy Governance teams with maintaining coverage of applicable privacy laws and regulations and closely follow emerging IT Security technologies.
- Provide guidance on privacy risks and advise on application of privacy requirements.
- Work with the Cloud Operations and various implementation teams to ensure best practices.
- Work to integrate various security technologies with ITSM tools.
- Respond to incidents as required.
- Comply with the privacy, security and confidentiality policies.
Requirements:
- Possess a minimum of 5 years experience with linux, networking, docker and security combined with a minimum of 3 years of experience in Azure, AWS or GCP along with containerized computing environments Solid Network and IT Security fundamentals.
- Proven ability to utilize various assessment tools and navigate through logs to establish the root cause of issues.
- Proven ability to work with various security tools and frameworks including SOAR / SIEM, Vulnerability Scanners, IDS / IPS, Cloud Security Posture Management.
- Working knowledge of IT and Security compliance frameworks, such as: HITRUST, GDPR, SOC 2, ISO 27001 and HIPAA, PHIPA, etc.
- Experience in dealing with security issues and policy, as well as supporting audit and compliance requirements from a technical standpoint.
- Ability to analyze system data, including, but not limited to, security and network event logs, web, anti-virus, DLP, syslogs, IPS and firewall logs.
- Experience in access control and identity management for on premise and cloud environments.
- The capacity to accommodate a flexible schedule (for audits and security incidents) and work on a regular on-call rotation.
- Experience working with and having access to confidential & sensitive information and interfacing with senior business leaders as a technical resource.
- Must have experience with access control and identity management, analyzing security and network logs along with supporting audit and compliance requirements from a technical and operational standpoint.
- Post secondary education in IT security or networking or a similar subject field is preferred.
- Must comply with appropriate background check requirements such as but not limited to: criminal, exclusion screening, credit, education, etc. Such checks are based on the job requirements. The incumbent may be required to re-verify the required checks on an annual basis or from time-to-time as determined by the Company.
Some of the benefits we offer:
\* Remote Work Environment
\* Flexible Time Away From Work Policy including PTO, Personal and Sick Days
\* Competitive Salary and Health/Medical Benefits
\* RRSP/TFSA/401K Employee Contribution
\* Life and Disability
\* Employee Assistance Program
\* FHIR Study Program and Skillsoft Learning
\* Super HAPI Fun Club
Smile’s core values include respect, inclusion, embracing our differences, and celebrating shared values because our people are the foundation of our success. We are big on creating a sense of belonging and empowering each other to bring our authentic selves to work. We are dedicated to fostering a workplace that values diversity, equity, and inclusion.
We welcome and encourage candidates of all backgrounds to apply. Candidates are encouraged to inform us if they wish to discuss or require accommodations during interviews or while working at Smile.
