Together, we do amazing things every day. Imagine a supportive employer, a career that fits your lifestyle, and many learning opportunities. With the Hamilton Family Health Team, you can have all of that, and more. We work hard to create an innovative and diverse workplace that values the contributions of our employees. No matter what your role, working with us is about making a difference – every day!
Your Opportunity:
We are seeking an experienced and relationship-driven Cyber Security Specialist for a 12-month contract to lead cybersecurity risk assessments and practical risk mitigation planning across a network of affiliated community-based healthcare organizations.
This role works directly with individual physician offices and community partners to assess cybersecurity posture, identify risks related to health information and operational systems, and develop tailored cybersecurity risk profiles with practical, cost-conscious mitigation strategies.
The ideal candidate combines strong cybersecurity expertise with a collaborative and pragmatic approach. Success in this role requires the ability to build trusted relationships, communicate technical risk in business terms, and develop achievable recommendations that reflect operational realities, organizational maturity, and budget limitations.
The Cyber Security Specialist will work closely with the IT Manager, Privacy Officer, affiliate site leadership, and external vendors and partners as required.
Roles and Responsibilities:
Cybersecurity Risk Assessment & Advisory
· Conduct cybersecurity risk assessments across affiliated community and healthcare sites, including onsite reviews of technical, administrative, and physical safeguards
· Evaluate cybersecurity controls, operational processes, and security practices related to the protection of health information, business systems, and operational continuity
· Assess organizational risk exposure across confidentiality, integrity, and availability domains
· Identify vulnerabilities, control gaps, operational risks, and areas requiring remediation while considering organizational size, technical maturity, and available resources
· Develop site-specific cybersecurity risk profiles, including:
- Risk ratings
- Key findings
- Prioritized recommendations
- Practical remediation opportunities
Risk Mitigation & Practical Planning
· Develop pragmatic, cost-conscious mitigation strategies tailored to smaller healthcare and community organizations with limited internal cybersecurity capacity
· Recommend foundational cybersecurity controls and achievable remediation activities that materially reduce risk without requiring significant capital investment
· Support the development of right-sized cybersecurity roadmaps aligned to operational priorities and risk exposure
· Provide guidance on minimum cybersecurity standards, best practices, and governance expectations appropriate for community healthcare environments
· Identify opportunities for shared services, standardization, and coordinated cybersecurity approaches across affiliated sites where feasible
Stakeholder Engagement & Relationship Management
· Build strong working relationships with leadership, operational teams, technical staff, and external stakeholders across affiliated organizations
· Work collaboratively with organizations operating under independent governance structures and varying levels of cybersecurity maturity
· Understand operational impacts of recommendations, including workflow, staffing, and service delivery considerations
· Act as a trusted cybersecurity advisor by balancing risk reduction with practical operational realities
· Facilitate collaborative discussions to build alignment, trust, and shared accountability across participating organizations, and educate on cybersecurity principles and best practices that need to be adapted
Reporting & Governance
· Prepare clear, concise cybersecurity risk assessment reports and executive summaries for leadership and stakeholders
· Present findings, recurring risk themes, and prioritized recommendations to both technical and non-technical audiences
· Support the development of a consolidated cybersecurity risk view across affiliated organizations to inform strategic planning and prioritization
· Track common risks, trends, remediation activities, and shared mitigation opportunities across the affiliate network
Working Conditions
· Hybrid work model with regular onsite visits to affiliated healthcare and community partner locations
· Travel across multiple locations is required
· Must be comfortable working within varied technical, operational, and organizational environments
· Valid driver’s license and reliable access to transportation required
Qualifications and Skills:
Experience
· 5+ years of progressive experience in cybersecurity, information security, or IT risk management
· Demonstrated experience conducting cybersecurity risk assessments and developing practical remediation plans
· Experience supporting healthcare organizations, regulated environments, or health information systems strongly preferred
· Experience working with smaller organizations, community-based providers, or multi-site environments considered an asset
· Proven ability to balance cybersecurity best practices with operational and financial realities
Knowledge & Skills
· Strong understanding of cybersecurity frameworks and control standards, including:
o NIST Cybersecurity Framework (CSF)
o CIS Controls
o ISO 27001
· Strong understanding of healthcare cybersecurity risks, privacy considerations, and protection of health information
· Ability to assess cybersecurity risk across people, process, and technology domains
· Excellent interpersonal and relationship-building skills
· Strong communication skills with the ability to translate technical cybersecurity risk into clear, actionable business language
· Strong analytical, documentation, and reporting capabilities
· Practical, solutions-oriented mindset focused on sustainable and achievable risk reduction
Education & Certifications
· Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
· Relevant cybersecurity certifications considered an asset, including:
o CISSP
o CISM
o CRISC
o HCISPP
Contract Deliverables
By the end of the 12-month engagement, the Cyber Security Specialist will deliver:
· Site-level cybersecurity risk assessments across affiliated organizations
· Individualized cybersecurity risk profiles for participating sites
· Prioritized and practical mitigation recommendations tailored to each organization
· Consolidated cybersecurity risk summaries identifying:
o Common themes
o Shared risks
o Strategic opportunities
· Foundational cybersecurity recommendations appropriate for smaller, resource-constrained healthcare organizations
Why join the HFHT?
Competitive Employee Value Proposition including, but not limited to:
· Healthcare of Ontario Pension (HOOPP)
· Extended health care benefits including health, dental, vision & critical illness insurance
· Meaningful, purpose-based work
· 12 paid Stat holidays and one (1) extra float day
· Flexible work schedule
· Ongoing green initiatives
Summary
Classification: Non-Union
Primary Location: Hamilton
Employee Class: Temporary Full Time (Up to 12 Months)
Schedule: Monday-Friday
Salary: $84,500 - $96,536
Application Instructions: Interested applicants please submit résumé and cover letter as one document using naming convention Last name, First name_Position via email: hr@hamiltonfht.ca
Note: If successful in receiving a job offer with the Hamilton Family Health Team, new hires will be required to provide proof of full COVID-19 vaccination prior to start date as a condition of their employment. If successful candidates are unable to get their COVID-19 vaccination as a result of a medical exemption, they will be required to submit supporting documentation to determine if they are exempt from this requirement.