Description:
as the Cyber Security Lead by:
• Practicing and implementing cyber security principles based on industry best practices and the risk management framework advised by Nova Scotia Health (NSH) and Department of Cyber Security & Digital Solutions (CSDS) with Province of Nova Scotia (PNS). Implementation activities include meeting with internal/external stakeholders and clients, conducting workshops, developing document deliverables and preparing/distributing communication material.
• Acquiring technology tools (software, hardware and/or services) by evaluating business needs, assessing available alternatives, and recommending the preferred approach. They will inform and advise the procurement process, including documenting business/technical requirements, preparing Request for Information/Proposal (RFI/RFP) documents, RFP responses and making final selection.
• Creating or updating documentation based on identified cyber security risks and controls and disseminating it.
• Lead and participate in multi-disciplined Health and Government teams with accountability for scope, communications, and control procedures. Translate the business impacts of cyber security requirements to a range of stakeholders in multiple digital service areas and help with the understanding of the cyber security risk.
• Act as an internal consultant to provide expert advice, coaching and mentoring on up-to-date cyber security and risk management methodologies and tools to the program team, business partners, and the vendors.
• Create cyber security documentation, define cyber security key performance indicators, and report on them.
• Create training and awareness elements that periodically educate pertinent internal and external stakeholders on the relevant cyber security risk management standards and processes.
• Monitor the key goals and metrics around cyber security risk management.
Determine how deviations or problems will be identified, tracked, and reported for remediation by:
• Reporting governance/risk management issues to OPOR leadership, Cyber Security and Enterprise Risk (CSER) division at CSDS, as well as the steering committee or advisory board.
• Monitoring of risk mitigation goals and metrics against targets and review progress with key internal and external stakeholders.
Identify and collect relevant data to enable effective cyber security-related risk identification, analysis and reporting by:
• Developing and implementing cyber security control monitoring measures to ensure risks are managed to the appropriate level of acceptable residual risk.
Analyze risks and develop a substantiated view on actual cyber security risk, in support of risk decisions by:
• Conducting risk assessments, including managing the oversight of and/or performing technical risk assessments; managing information asset and application risk assessments; conducting risk reviews for new applications; and managing third-party risk assessments.
• Coordinating information security and risk management project related work with NSH, IWK, CSDS, vendors, and other stakeholders.
• Coordinating audit-related tasks such as ensuring the readiness for audit testing and facilitating the timely resolution of any audit findings.
Communicate information on the current state of cyber security-related exposures and opportunities in a timely manner to all required stakeholders for appropriate response by:
• Reviewing risk assessments and analyzing the effectiveness of cyber security control activities and reporting on them, with actionable recommendations, to the senior leadership