Interoperability Cybersecurity Architect

At Canada Health Infoway (Infoway) we believe a more connected and collaborative system is a healthier system, and we work with governments, health care organizations, clinicians, and patients to make health care more digital. We’re working to ensure that everyone is able to access their personal health information, book appointments, get prescriptions, view lab test results and access other health services, online. We are working with our partners to transform the health system because we know that digital health can be as transformative as digital has been in other aspects of our lives. We are an independent, not-for-profit organization funded by the federal government.

Connected care means a healthier Canada, and Infoway is committed to advancing interoperability. Harnessing data sharing will result in “connected care” and a modern health system for all Canadians. In support of the provinces and territories, Infoway is facilitating a national collaborative effort to advance interoperability using a collaborative development process.

Together with our jurisdictional, clinical, patient and industry partners we are committed to improving the health of Canadians by accelerating the development, adoption and effective use of innovative digital health solutions.

Infoway is on a learning journey guided by what we learn from Indigenous voices. We are committed to respecting Indigenous data sovereignty, advancing cultural safety and humility and supporting the health and data priorities of First Nations, Inuit and Métis Peoples. We will do this through the development of respectful relationships and partnerships with First Nations, Inuit, Métis, Northern governments, organizations and communities, which will guide our efforts.

Why Join Us?

• Be part of a high-profile, ambitious, and exciting pan-Canadian initiative that improves the health of populations and unlocks value for the health system
• Work with a dynamic, multi-functional team of professionals dedicated and passionate about modernizing the health care system
• Demonstrate your strong organizational, technical leadership skills in a fast-paced, innovative, and supportive environment
• We take care of our employees

• Design, implement, and maintain robust security architectures and solutions that protect sensitive data and ensure compliance with healthcare regulations relevant to Canada.
• Foster excellent relationships to support cross-functional collaboration to integrate security best practices into system designs and application development processes.
• Lead threat modeling, security assessments, and vulnerability remediation strategies to secure healthcare data and systems.
• Ensure secure interoperability of health care data, including compliance with standards like HL7 FHIR, and other industry-specific data exchange protocols.
• Evaluate and create implementation guidance/standards for Pan-Canadian identity and modern access and (IAM) solutions, with a focus on federated identity, single sign-on (SSO), and multi-factor authentication (MFA).
• Design secure network and communication infrastructure
• Design secure Cryptography and Public Key Infrastructure (PKI) approaches for interoperability.
• Provide expert guidance on cloud security architectures for healthcare, ensuring compliance with industry standards and best practices.
• Conduct threat and risk assessments, work with risk owners to develop mitigation strategies, and oversee the implementation of risk management policies.
• Stay current with emerging threats, security trends, and regulatory requirements, especially in health care and health IT systems.
• Participate in security incident response activities and post-incident reviews to continuously improve the organization’s security posture.

• Bachelor's degree in computer science, Engineering, Information Security, or a related field, or equivalent work experience.
• Significant and relevant experience in cybersecurity, with a focus on architecting security solutions.
• Experience designing and implementing security solutions in healthcare environments.
• Strong understanding of healthcare data standards such as HL7 FHIR and interoperability challenges.
• Proficiency in identity and access management approaches, such as SSO, MFA, and federated identity.
• Proficiency in planning for and designing Cryptography and PKI systems.
• In-depth knowledge of security frameworks, such as NIST Cyber Security Framework, ISO 27001, and CIS (Centre for Internet Security) controls.
• Familiarity with approaches to securing cloud and hybrid IT environments (e.g., AWS, Azure, GCP).
• Familiarity with regulatory privacy requirements in healthcare, such as HIPAA, PIPEDA, and GDPR.

Preferred Qualifications:

• Experience with healthcare data interoperability standards and trusted framework initiatives, such as HL7 FHIR, IHE, and ONC’s TEFCA frameworks.
• Knowledge of cross-industry identity protocols and standards (e.g., OAuth, OpenID Connect, SAML,).
• Certifications such as ISSAP (ISC2), CISSP (ISC2), CISM(ISACA), CIPT (IAPP) or CCSP(ISC2) are a plus.
• Experience working with the Digital Governance Standards Institute, the Digital Governance Council, Pan-Canadian Trust Framework™ (PCTF) from DIACC (Digital Identification and Authentication Council of Canada)

Skills & Competencies:

• Strong analytical and problem-solving skills with attention to detail.
• Ability to work effectively and proactively in a team-oriented, collaborative environment.
• Excellent verbal and written communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
• Ability to adapt to changing priorities and requirements in a fast-paced environment.
• Ability to create UML, swim lane, and similar diagrams that communicate a target architecture, workflow or dataflow.