- Manage and maintain the Information Security Management System (ISMS): design and implementation of new information security controls, processes, continuous improvement and documentation
- Provide ongoing operations as required by ISO/IEC 27001:2013, including developing the annual information security plan, monitoring performance of the ISMS, preparing the monthly status report, conducting the annual audit and managing
- Lead and support the creation of Security and Privacy impact assessments for system changes; liaison between users and other team members
- Implement and maintain the security and privacy audit management program and framework
- Primary point of contact for coordinating and communicating between Security and Privacy resources, technical implementation teams and business teams
- Work with operations leads and stakeholders to identify and manage security standards, privacy legislation compliance and business risks
- Provide operational support for application systems: Management Information Systems (MIS) and Human Resource Information Systems (HRIS). Ensure compliance with security and privacy best practices (ISO 27000).
Requirements
Experience and Skill Set Requirements
Public Sector Experience
- 2 years of experience working in the healthcare industry
- Knowledge of personal health information protection legislative requirements and how they apply to developing and maintaining healthcare systems containing personal health
Technical Skills
- 5 years of experience as a privacy expert, including:
- Managing privacy risks in the collection, use and disclosure of assessment information within and between HSPs
- Leading end-to-end operational risk assessments, including selecting risk methodologies; identifying privacy compliance gaps, priorities, dependencies and redundancies; recommending process remediation or simplification; and implementing information privacy best practices in the operation of healthcare systems containing personal health information
- Developing, implementing and operating information security and privacy risk management programs based on the ISO/IEC 17799/27001/27799 standards, including strategic planning, benefits-driven approaches, performance evaluations and implementation plans
- Implementing information security and privacy best practices, including but not restricted to risks to the security of data (such as financial information) and risks to the privacy of personal information
- Experience with commonly used business software (e.g. word processing, spreadsheet, database management) in order to develop complete systems, user and operations documentation
Privacy Impact Assessment (PIA) Skills
- Extensive experience in conducting conceptual, logical and physical Privacy Impact Analyses (PIAs) and Threat Risk Analyses (TRAs)
- Experience in testing privacy and security functions
- Extensive experience in implementing and operating security technologies and conducting vulnerability assessments and penetration testing
Stakeholder Engagement and Communication Skills
- Proven track record of building strong working relationships
- Strong interpersonal, verbal and written communication skills
- Excellent customer service skills, including tact and diplomacy, to ensure client needs are managed effectively
- Excellent analytical, problem-solving and decision-making skills
- Ability to apply strong listening skills to facilitate issue resolution
- A motivated, flexible, creative team player with perseverance, excellent multi-tasking abilities and a proven track record of meeting strict deadlines
MUST HAVES:
- Leading end-to-end operational risk assessments, including selecting risk methodologies; identifying privacy compliance gaps, priorities, dependencies and redundancies; recommending process remediation or simplification; and implementing information privacy best practices in the operation of healthcare systems containing personal health information
- Developing, implementing and operating information security and privacy risk management programs based on the ISO/IEC 17799/27001/27799 standards, including strategic planning, benefits-driven approaches, performance evaluations and implementation plans