Information Security Analyst

Status: Regular Full-Time
Number of Positions:1
Work Location: Hybrid (a combination of in-office in Vancouver and remote work)

Who we are

The British Columbia College of Nurses & Midwives (BCCNM) is the college empowered under the Health Professions Act to regulate the practice of all licensed practical nurses nurse practitioners registered midwives registered nurses andregistered psychiatric nurses in British Columbia. Regulation helps to protect the public by ensuring that professional care or service received by the public is competent ethical and meets the standards that society views as acceptable.

As western Canadas largest health profession regulator we believe a diverse and inclusive team enriches our efforts to protect the public. We welcome applications from all who reflect of the communities we serve and especially encourage Indigenous Peoples and members of equity-seeking groups to apply. We believe diverse perspectives and experiences bring both innovation and better outcomes to the work we do and the decisions we make.

BCCNMs commitment to Indigenous Specific Anti-Racism

As the largest health regulator in Western Canada BCCNM has the opportunity to influence the health professionals we regulate as well as the broader health-care system to break the cycle of racism and improve health outcomes for Indigenous Peoples. BCCNM has pledged to become culturally safe and anti-racist and to support the health professionals we regulate to do the same.

What we offer you

We promise to provide you with rewarding work that challenges you. You will be part of a passionate team contributing to our important mandate of protecting the public. As a member of the team you can expect to be working in a collaborative team-based environment and treated in a respectful and professional manner.

The expected starting base salary for this position is $121764 - $127853 annually depending on a variety of factors including qualifications and experience. Once hired you will progress through a wider salary range over time as you continue to develop job knowledge skills and competencies for the role.

In addition to base salary the college offers a generous vacation and extended benefits package. As an employee you receive 100% employer-paid health and dental benefits. And we contribute to B.C.s Municipal Pension Plan to help you secure your retirement your career with us you will engage in a variety of learning and development. We will support your professional development and cover your professional membership costs. To support you in work and life we provide an employee assistance program and fitness allowance perk. Working with us allows you to enjoy flexible hybrid work. This position is located in Vancouver but youll be able to work remotely up to 3 days a week. Our office is closed for the 11 statutory holidays in B.C. as well as Easter Monday and Boxing Day.

What youll be doing

Reporting to the Information Technology Architect (ITA) the Information Security Analyst (ISA) assesses risk and establishes a secure information processing environment through the management of a security program incorporating policies strategies mitigation plans measurement programs architecture and training processes. The ISA develops and manages the security program under the guidance of the ITA and with the support of the Director of IT and external IT security service providers.

Security is a key component of BCCNMs Information Technology architecture. Protecting data and fulfilling regulatory obligations is critical to the public having unshakeable confidence in BCCNM as a healthcare regulator.

The ISA is a member of the IT Architecture team and collaborates with IT staff and other Operations teams to identify recommend implement and manage security solutions controls and processes in order to protect BCCNM data and operations.

The ISA works with the ITA the Director of IT and external IT security service providers to ensure that security considerations are integrated into new systems features and changes and information exchanges with third parties. The ISA has a key role in IT security roadmap initiatives collaborates with IT in responding to penetration testing and vulnerability assessments and drives security incident response activities (if necessary in collaboration with external service providers).

Key responsibilities include:

• Maintain up-to-date knowledge of the IT security landscape including awareness of attacks and threat vectors security processes and security solutions.
• Advise on emerging information security threats and vulnerabilities as well as evolving industry standards and best practices.
• In collaboration with the ITA and with the support of external IT security service providers develop implement and manage an IT Security Program which establishes and maintains a secure information processing environment at BCCNM.
• Based on the IT Security Program develop and maintain BCCNMs security environment as necessary for protecting information systems and technology assets (standards policies baselines guidelines procedures processes controls and documentation).
• In consultation with the ITA and Director of IT maintain an information systems security risk register and recommend security controls to be designed and implemented in collaboration with IT Teams.
• Collaborate within the IT Teams to ensure that solutions align with an established security framework such as the BC Governments Defensible Security Framework.
• Participate in risk assessments in collaboration with the IT and IM Teams.
• Improve overall enterprise security through maximizing value from existing security solutions and where necessary driving process to enhance current solutions or select/acquire additional solutions.
• In consultation with the ITA and the Director of IT ensure appropriate standards processes and procedures are in place for the design implementation administration and documentation of information security systems and controls including but not limited to:

• • Monitoring for vulnerability alerts and timely application of maintenance and patches to all technology components
  • Adequate virtual network segmentation and firewall configuration (for internal or hosting providers use)
  • Adequate security testing of custom-developed technology solutions
  • Automatic configuration of all system components to use secure settings through methods such as Windows Group Policies and Microsoft 365 platform policies.
  • Management of platform operating system and application-level access permissions and identities including creation of access matrix documentation across all relevant environments whether cloud-based or on-premise.
  • Monitoring of event and security logs and automatic alert generation
  • Response to security alerts and incidents including investigation assistance to users reporting suspected incidents and taking actions to contain detected threat activity and minimize damage.
  • Participate in the development maintenance and testing of the Disaster Recovery Plan where appropriate.
  • Provide input on security requirements to be included in request for proposals (RFPs) statements of work (SOWs) and other procurement documents.
• Demonstrates a commitment to ongoing learning related to Indigenous cultural safety and humility and supporting organizational actions towards addressing indigenous-specific racism in BCs health care system.

Your education & skills:

• Bachelors degree in Computer Science Engineering or related field and/or equivalent combination of education and experience.
• Minimum 5-7 years direct experience in cybersecurity including developing implementing and managing an IT security program.
• Certified Information Systems Security Professional (CISSP) Systems Security Certified Practitioner (SSCP) or similar certification is desirable
• Experience with security architecture and controls across Microsoft cloud and on prem products and services including Microsoft 365 Dynamics 365 Azure and Microsoft networking products and services.
• Knowledge of computer networking concepts and protocols (e.g. TCP/IP DNS) and network security methodologies.
• Knowledge of network access identity and access management (e.g. public key infrastructure Oauth OpenID SAML SPML).
• Knowledge of capabilities and applications of network equipment including routers switches servers transmission media and related hardware.
• Knowledge of remote access technology concepts.
• Knowledge of application firewall concepts and functions (e.g. single point of authentication enforcement data anonymization DLP scanning SSL security).
• Strong analytical and problem-solving skills.
• Exceptional written oral and interpersonal communication skills.
• Ability to work in collaborative team environments and to negotiate with multiple stakeholders.
• Experience in developing disaster recovery plans is an asset.
• Knowledge of the Health Professions Act (HPA) Declaration on the Rights of Indigenous Peoples Act (DRIPA) and BCCNM bylaws is an asset.
• Knowledge of Canadian colonial impacts on Indigenous people in social and health contexts including social economic political and historical realities impacting Indigenous communities and knowledge of Indigenous-specific anti-racism and accompanying reports (e.g. The Truth & Reconciliation Commissions 94 Calls to Action (2015) the In Plain Sight Report (2020) and Reclaiming Power and Places Calls for Justice (2019)) is an asset.
• Demonstrated understanding of equity diversity inclusion and cultural humility as they apply to health care is an asset.

How to Apply

If you are interested in this position please apply online by 11:59pm on July 30 2025. This opportunity will remain posted until filled; however priority consideration will be given to those who apply by the deadline. To see a full list of our current opportunities or to learn more about working at the BC College of Nurses & Midwives please visit our website at Careers at BCCNM.

Collection Notice

To apply to a job posting you need to create an online account with BCCNM. To create an online account as well apply for a job posting youll be asked to provide personal information.

The BC College of Nurses and Midwives (BCCNM) collects your personal information for the purposes of creating your online account as well as for recruiting evaluating and selecting employees. The legal authority for collecting this information is under section 26 British Columbias Freedom of Information and Protection of Privacy Act. If you have any questions please contact .

Please note:BCCNM no longer requires staff contractors board and committee members and volunteers to provide an attestation of vaccination related to the Covid-19 pandemic.

In the event of a Public Health Order being issued the College is committed to full compliance with all directives and guidelines set forth by the Provincial Health Officer (PHO) to ensure the safety and well-being of our employees and the community partners we work with consistent with the duty of the College to serve and protect the public.