The Healthcare Insurance Reciprocal of Canada (HIROC) is a trusted healthcare safety advisor, committed to offering a full spectrum of insurance, risk and claims management products and support.
HIROC knows healthcare as it’s the largest not-for-profit healthcare liability insurer in the country, with over 700+ healthcare organizations part of the Reciprocal. Combined with sage counsel and risk management solutions, HIROC works with its partners to increase safety.
As a Reciprocal, HIROC is governed by its Subscribers and remains an innovative, agile and proactive partner. Since its inception in 1987, the not-for-profit has returned over $200 million to the healthcare system.
HIROC’s thirty-plus years of data is combined with its extensive experience to advise and share learnings, all with the goal of scaling knowledge and increasing safety across Canada’s healthcare system.
One common thread running through HIROC’s culture is the feeling of being part of something unique: partnering to create the safest healthcare system – HIROC’s vision.
Each employee has the opportunity to find their calling and help build a stronger organization designed to meet the needs of its Subscribers. As a Top 100 GTA Employer eight years running, HIROC employees are empowered to find solutions and create amazing experiences in service to its Subscribers.
Join us and be part of the team working to make a difference.
Key Responsibilities
- Coordinate and gather required evidence to assess compliance for Data Protection, Information Security and Privacy
- Assist HIROC’s Lead, Privacy and Compliance Officer with SOC 2 compliance review activities and third-party audit activities
- Assist HIROC’s Lead, Privacy and Compliance Officer and Lead, Infrastructure with assessment with gathering evidence and assessing NIST Cybersecurity Framework compliance
- Track and monitor statuses on privacy and security recommendations for new systems, cloud solutions and projects affecting sensitive data
- Coordinate remediation activities of identified vulnerabilities and exploits
- Assist with remediation efforts as required (e.g. patch update, decommissioning of servers, etc.)
- Help develop knowledge base for IT (e.g. repository of procedures, changes to technology, etc. associated with change management)
- Conduct phishing simulation campaigns and lead staff awareness training
- Maintain and update existing documentations, including policies, checklists, asset inventories, etc.
- Monitor various communication avenues for security vulnerabilities and security patches. Assess security vulnerabilities and security patches across the operating environment.
- Review penetration test and vulnerabilities scan results and coordinate mitigating activities with Information Technology and Information Systems team.
- Undertake least invasive vulnerability testing as instructed by Lead, Privacy and Compliance Officer (e.g. Nessus Scans)
- Assist in the administration of HIROC’s Data Governance program, with a focus on data security and privacy controls
- Working with our MSSP to support the technical investigations of alerts that are generated via the SIEM and SOC
- Assist with the development and delivery of information security awareness training programs
- Assist the with the development of regular and ad-hoc security assessments and analytical reports for dissemination to various audiences, including Executive Team, Operations, and Employees
- Work with HIROC’s Lead, Privacy and Compliance Officer with rolling out a Compliance Management System
- Other duties as assigned
Knowledge, Skills & Abilities
- Demonstrate strong organizational, research, analytical and problem-solving skills to evaluate situations, make recommendations and take effective action
- Capable of articulating complex technical concepts or scenarios to both technical and non- technical audiences
- Professional security or intelligence designation is an asset (e.g. CISSP, CSX-P, CRISC)
- Detailed understanding of information security concepts and ability to work with subject matter experts in IT and cybersecurity
- Good knowledge of security management principles, practices, policies, and procedures
- Demonstrates good communication skills and a good team player
- Passionate about corporate security, analysis and problem-solving
Education, Training & Experience
- Completed post-secondary education at the Bachelor or College level in Information Technology and 5 years of related work experience or an equivalent combination of education and experience
- Cyber security related experience and understanding of NIST framework and SOC2 audits would be considered an asset
Hours of Work
- Monday-Friday 8:30am-4:30pm, some flexible hours may be required to meet Subscriber needs.
- May be required to occasionally work after- hours
Working Conditions
- Normal working conditions in an office setting. Working at computer for most of the day.
- Some travel may be required – Presentations, conferences, and courses.
- Hybrid work model.
How to Apply
Please submit your résumé to [email protected].
In order to be considered for this position, please include a current résumé or detailed qualifications summary with your application. Only those selected for an interview will be contacted.
HIROC is committed to fostering a climate of equity, diversity, inclusion, and accessibility. HIROC respects the diversity of all members of its community and welcomes applications from those who have demonstrated a commitment to the values of equity, diversity and inclusion. Applications from members of groups that have been historically disadvantaged and marginalized, including First Nations, Métis and Inuit peoples, racialized persons, persons with disabilities, those who identify as women, 2SLGBTQ+, individuals who self-identify on the basis of any of the protected grounds under the Human Rights Code and/or others who may contribute to the further diversification of ideas within its community are encouraged. HIROC is committed to fair assessment of a candidate’s abilities, and consideration for diversity of thought, method, and experience, including non-traditional career paths.
HIROC is committed to providing a barrier-free environment for all stakeholders, including its participants, employees, job applicants, suppliers, the public and any visitors who may enter its premises, access its information, or use its services. As an organization, HIROC respects and upholds the requirements set forth under the Accessibility for Ontarians with Disabilities Act (AODA) and its associated standards and regulations and will ensure that HIROC offers a safe and welcoming environment that is respectful of each person's dignity and independence.