Information Security Analyst I

Staff - Non Union

Job Category
M&P - AAPS

Job Profile
AAPS Salaried - Information Systems and Technology, Level C

Job Title
Information Security Analyst I

Department
Information Security | Dean's Office | Faculty of Medicine

Compensation Range
$6,551.00 - $9,418.83 CAD Monthly

The Compensation Range is the span between the minimum and maximum base salary for a position. The midpoint of the range is approximately halfway between the minimum and the maximum and represents an employee that possesses full job knowledge, qualifications and experience for the position. In the normal course, employees will be hired, transferred or promoted between the minimum and midpoint of the salary range for a job.

Posting End Date
April 8, 2024

Note: Applications will be accepted until 11:59 PM on the day prior to the Posting End Date above.

Job End Date

This position is located within a health-care facility, therefore, the successful candidate will be required to provide verification of full vaccination against Covid-19 provided prior to the start date, as required by a provincial health mandate.

At UBC, we believe that attracting and sustaining a diverse workforce is key to the successful pursuit of excellence in research, innovation, and learning for all faculty, staff and students. Our commitment to employment equity helps achieve inclusion and fairness, brings rich diversity to UBC as a workplace, and creates the necessary conditions for a rewarding career. 

Job Summary

The Information Security Analyst I provide technical expertise to support the delivery of information security services and controls within the Faculty of Medicine, ensuring the ongoing management and implementation of security measures based on client needs, University policies, information security standards and compliance requirements. The success of this position is greatly dependent on the individual’s ability to:

• Design and implement IT systems to address security challenges and mature defense capabilities.
• Build relationships and collaborate with distributed IT & security teams across the organization.
• Engage in various projects (vulnerability assessments, risk remediation and security awareness).
• Effectively communicate technical information to stakeholders.
• Take initiative, and embrace problem-solving, continuous improvement, learning and growth.

Organizational Status

The University of British Columbia is a global centre for research and teaching, consistently ranked among the top 20 public universities in the world. Since 1915, UBC’s entrepreneurial spirit has embraced innovation and challenged the status quo. UBC encourages its students, staff and faculty to challenge convention, lead discovery and explore new ways of learning. At UBC, bold thinking is given a place to develop into ideas that can change the world.

Our Vision: To Transform Health for Everyone

Ranked among the world’s top medical schools with the fifth-largest MD enrollment in North America, the UBC Faculty of Medicine is a leader in both the science and the practice of medicine. Across British Columbia, more than 12,000 faculty and staff are training the next generation of doctors and health care professionals, making remarkable discoveries, and helping to create the pathways to better health for our communities at home and around the world.

The Faculty—comprised of approximately 2,200 administrative support, technical/research and management and professional staff, as well approximately 650 full-time academic and over 10,000 clinical faculty members—is composed of 19 academic basic science and/or clinical departments, 3 schools, and 25 research centres and institutes. Together with its University and Health Authority partners, the Faculty delivers innovative programs and conducts research in the areas of health and life sciences. Faculty, staff and trainees are located at university campuses, clinical academic campuses in hospital settings and other regionally based centres across the province.

The UBC Vancouver Campus is located on the traditional, ancestral, and unceded territory of the xʷməθkʷəy̓əm (Musqueam) people. The City of Vancouver is located on Musqueam, Squamish, and Tsleil-Waututh First Nations territory.

Reports to the Senior Information Security Manager within the Faculty of Medicine Digital Solutions team. Works independently, collaborates and interacts directly with management, staff and technology professionals from various units within the Faculty of Medicine, the Cybersecurity team, Information Technology, Privacy and Information Security Management, and other teams.

Work Performed

• Provides technical expertise in monitoring and analyzing complex system security events and issues.
• Participates in developing mitigation strategies that describe the issue, risk, solution, and maintenance to prevent future problems or failures.
• Investigates security control deficiencies and implements or coordinates remediation required to ensure appropriate risk management actions are taken to address them, documenting exceptions as necessary.
• Contributes to the design, provisioning, and configuration of systems to strengthen cybersecurity and enhance resilience of Administrative, Academic, and Research Systems.
• Gathers information from application and system owners to assist in application system protection assessments.
• Reviews, assesses, and rates security vulnerabilities, collaborating with subject matter experts and technical owners to mitigate identified vulnerabilities and respond to new or observed threats, in adherence to a risk-based methodology.
• Ensures issues are addressed by continually scanning the environment and maintaining regular contact with service owners, escalating issues as appropriate.
• Contributes to reducing cyber risk caused by phishing-based threats, with an emphasis on creating, maintaining, and providing training for employees to better manage or respond to phishing attacks.
• Consults with users to determine their cybersecurity needs, analyzes and reviews existing security solutions' features and requirements.
• Develops relationships with IT teams within the Faculty of Medicine, building a solid understanding of the individual units within the faculty, and applying knowledge of their environment and priorities to cybersecurity solutions and compliance towards Information Security Standards.
• Assists in developing, maintaining, and communicating technical documentation, such as operational procedures, guides, architectural diagrams, data flow diagrams, and knowledge base articles.
• Contributes to the planning and implementation of small-to-medium-sized projects, as assigned.
• Supports internal software development teams to ensure that the development lifecycle aligns with industry best secure practices.
• Maintains appropriate professional designations and up-to-date knowledge of current cybersecurity techniques and tools.
• Respond to threats occasionally outside of regular business operating hours.
• Performs other related duties as required.

Consequence of Error/Judgement

Cybersecurity plays a key role in enabling the University to achieve its goal of becoming one of the world's leading universities. The services supported by Cybersecurity require reliable application systems in order to provide critical functions that support all students, faculty and staff. These systems must be available on a 7x24 basis.

Decisions and actions taken by the Information Security Analyst I will have a direct impact on how efficiently and effectively the systems will perform and function. Errors in judgment, poor development, or failure to act decisively could have a detrimental effect on these systems. Unreliable systems or failure to meet contractual obligations for performance and availability will damage the reputation of UBC. This could adversely impact the University community, including the large majority of students, faculty and staff, and could cost hundreds of thousands of dollars in lost productivity, funding and revenue.

Supervision Received
Works under the general direction of the Senior Information Security Manager and Information Security Analyst II within the Faculty of Medicine Digital Solutions team. May receive direction from senior technical staff as assigned. The Information Security Analyst I must be able to work independently as well as contribute actively and collaborate openly as a team member.
Supervision Given
Acts as a mentor to other less experienced members of the team and may oversee day to day work on a project basis of other Information Security, Systems Administrators or IT professionals.
Minimum Qualifications
Undergraduate degree in a relevant discipline. Minimum of three years of related experience, or the equivalent combination of education and experience.
- Willingness to respect diverse perspectives, including perspectives in conflict with one’s own

- Demonstrates a commitment to enhancing one’s own awareness, knowledge, and skills related to equity, diversity, and inclusion

Preferred Qualifications

• Work experience in the cybersecurity and IT risk management spaces. Significant experience with complex enterprise IT systems administration and project support with the design and implementation of medium to large scale application systems.
• Experience managing and supporting Microsoft Active Directory, Windows Server, MS-SQL, MySQL, Unix/Linux, and using backup and recovery tools in a virtual environment.
• Experience supporting, securing, and remediating information systems is required.
• Knowledge of computer networking concepts, security methodologies and protocols (e.g., TCP/IP, DNS, LDAP, TLS) and network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML).
• Experience and a working knowledge of SDLC methodologies, systems automation and deployment tools such as Puppet or Ansible, scripting languages such as Python, common version control tools, unified communications systems and standard office productivity tools.
• Knowledge of firewall management, web application security standards (e.g., OWASP ASVS), web application authentication, protocols, data transmission methods, and how to mitigate web application vulnerabilities.

Collaboration - Takes initiative to actively participate in team interactions. Without waiting to be asked, constructively expresses own point of view or concerns, even when it may be unpopular. Ensures that the limited time available for collaboration adds significant customer value and business results.

Communication for Results - Converses with, and writes to, peers in ways that support transactional and administrative activities. Seeks and shares information and opinions. Explains the immediate context of the situation, asks questions with follow-ups, and solicits advice prior to taking action.

Problem Solving - Investigates defined issues with uncertain cause. Solicits input in gathering data that help identify and differentiate the symptoms and root causes of defined problems. Suggests alternative approaches that meet the needs of the organization, the situation, and those involved. Resolves problems and escalates issues with suggestions for further investigation and options for consideration as required.

Accountability - Checks assumptions about mutual expectations and clarifies standards of overall performance. Checks the scope of responsibilities of self and others. Monitors day-to-day performance and takes corrective action when needed to ensure desired performance is achieved.

Business Process Knowledge - Defines routine, integrated processes. Documents processes using basic formal process charting techniques. Applies process definitions and flows to work performed. Identifies process bottlenecks and contributes suggestions for process improvement.

Information Systems Knowledge - Possesses a basic understanding of the strategy, structures, processes, and procedures of the enterprise in its relationship with the business and its activities. Troubleshoots in response to requests for technical support. Identifies problems and needs. Escalates problems to appropriate technical experts.

Initiative - Seeks out new challenges that require risk taking. Determines the resources, team support, and technical needs necessary to enable success and procures them. Keeps responding to the challenge in spite of obstacles and setbacks.