Security Analyst – Project REACH - Temporary Full-Time 2025-13849

Classification: Temporary Full-Time (1-year contract, starting September 2025, with the possibility of extension)

Sunnybrook Health Sciences Centre is a nationally and internationally recognized academic health centre with multiple sites across the Greater Toronto Area (GTA). We provide expert, compassionate care to patients across Ontario, deliver broad and specialized education to thousands of learners, and lead cutting-edge research that shapes the future of healthcare.

As part of a major digital and clinical transformation, Sunnybrook is launching Project REACH, a multi-year initiative to implement a new health information system (HIS) across all campuses and satellite sites. Project REACH is rooted in clinical transformation and care redesign. Led by the Clinical Informatics Team, the project aims to enhance patient care, improve clinical workflows, and better support our care teams.

Overview:

Reporting to the HIS Project Director, Technology, Infrastructure, Devices, the Security Analyst will support cybersecurity activities related to the implementation of a new Health Information System (HIS) across a multi-site hospital environment. This role is responsible for ensuring appropriate access controls, conducting risk assessments, supporting vulnerability management, and ensuring HIS security design aligns with regulatory, organizational, and industry best practices.

Key Responsibilities:

• Conduct security risk assessments and vulnerability scans on HIS infrastructure and integrations.
• Collaborate with technical and project teams to ensure secure design, implementation, and deployment of HIS components in alignment with best practice and Hospital cyber controls.
• Develop and maintain security policies, procedures and documentation.
• Monitor, investigate, and respond to security events related to the HIS environment, escalating as required.
• Support implementation of HIS-specific security controls including identity and access management, endpoint protection, and encryption.
• Assist in the review and validation of HIS-related technical security documentation and vendor deliverables.
• Coordinate with vendors, auditors, and internal stakeholders to ensure compliance with information security requirements.
• Contribute to HIS security governance, including policy development, awareness training, and reporting.

Qualifications:

• Degree or diploma in Computer Science, Information Security, or related field.
• Minimum 5 years of experience in an information security role, preferably within healthcare or complex IT environments.
• Experience supporting system implementations or large-scale enterprise technology projects.
• Certifications such as CISSP, CISA, CEH, or CompTIA Security+ preferred.
• Familiarity with PHIPA, HIPAA, ISO 27001, NIST, or HTRA methodologies.
• Strong knowledge of security tools and controls (e.g., firewalls, endpoint protection, SIEM platforms).
• Excellent problem-solving, communication, and documentation skills.