Security Analyst

Security Analyst

Contract REMOTE / GTA, ON October 2, 2022

Security Analyst

As an integral member of the Information Services division, the Security Analyst reports to the Manager, Information Security and Privacy.

The Security Analyst will identify, design and implement technical security solutions, controls and tools, governance and policy, support operations and shares in the responsibility for activities related to the development, implementation and operation of our Client’s information security program, based on the information security strategy developed by the Lead Security Analyst.

The Security Analyst is recognized as an expert in the Information Security domain and will work with Company stakeholders to understand how technology can be leveraged to support their business goals while ensuring it aligns with the organizations information security strategy.

Responsibilities

• Identify and report on information security risks, threats, vulnerabilities and breaches and make recommendations on remediation opportunities to manage risks.
• Develop, implement and maintain information security governance, policies, procedures and controls in coordination with Director, HIM and Information Privacy and Security to ensure continuous improvement aligned with the changing risk landscape.
• Assist and support the development and delivery of an Information Security strategic and operating plans.
• Implement best practice procedures to ensure uniform security architecture throughout Application Development, Operations and Infrastructure.
• Ensure the team develops and implements the information technology security architecture framework.
• Ensuring the continuous delivery of day-to-day information security and privacy operations.
• Ensure team can provide 7 24 monitoring and security incident response.
• Leads or commissions forensic analysis on security incidents.
• Ensure the security processes and procedures are followed at all times and escalations are performed in a timely manner.
• Leads design and execution of vulnerability assessments, penetration tests, risk assessments, and security and privacy audits and ensures they are performed on regular intervals.
• Develop materials and promote activities to foster information security awareness across the organization.
• Ensures that projects, programs and other activities in IS are implemented with proper consideration given to information security.
• Determines minimum security requirements for applications and systems based on policy, data sensitivity, exposure, and other factors.
• Maintain current knowledge security industry trends and technologies
• Evaluate new technologies including emerging concepts for security impact on the environment and makes appropriate recommendations.
• Monitor internet for emerging threats of new attacks and threat vectors.
• Leads technical implementations of security-related systems.
• Understand current regulatory environment and related implications to security management compliance.
• Effectively communicate with a wide range of technical and non-technical personnel.
• Review and validate IT controls and assess the impact of any related IT deficiencies.
• Ensure that all documentation and materials are regularly reviewed and up to date.
• Vendor relationship management.
• After hours on call work maybe required for this role.

Work Experience Requirements

• At least 5+ years of Information Security experience with expertise in either client / server, network or application security engineering.
• Direct working experience performing IT security and risk assessments and audits :

o Working knowledge of information security frameworks such as the National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF), and ISO 2700 standards.

o Working knowledge of auditing frameworks such as COBIT or PCI.

• Certified Information Systems Security Professional (CISSP) certification is an asset.
• Health care experience an asset.
• Experience interpreting industry and regulatory requirements and authoring supporting controls.
• Strong business and technical acumen.
• Excellent written and verbal communication skills.

Desired Skills and Knowledge

• Identity and access management (I&AM) experience with Active Directory, NTFS permissions, LDAP, and Single Sign On (SSO) solutions.
• Experience developing and maturing information security governance frameworks, such as NIST CSF
• Experience performing Application penetration testing
• Application and database security experience including code reviews.
• Network and security engineering experience including log and network traffic capture analysis.
• Strong understanding of network protocols (e.g. IP, TCP / IP) and other network administration protocols.
• Familiarity with Windows, Linux, and UNIX based operating systems.
• Familiarity and knowledge of application development processes and typical application architectures.
• Familiarity and understanding of encryption concepts.
• Experience with system hardening procedures for Windows, Linux and UNIX platforms.
• Security operations experience with firewalls, IDS / IPS, SEIM and end-point protection platforms.
• Familiarity with Web application development experience using .NET framework as well client side applications for all mobile platforms.
• Familiarity with database technology including Oracle and MS SQL.
• Experience in with Business Continuity Plans and Disaster Recovery Plans.
• Familiarity with Information Technology Infrastructure Library (ITIL) concepts.
• Familiarity with architecture frameworks such as The Open Group Architecture Framework (TOGAF).
• Demonstrated ability to understand the business side of information risk.
• Strong analytical, research, writing, and communication skills.
• Must have the ability to communicate with internal / external customers, vendors, management etc. in both formal and informal situations.
• Ability to work with teams to achieve goals and meet deadlines in a fast-paced environment.
• Works well under pressure and time constraints and can prioritize competing priorities appropriately.
• Can work independently with minimal supervision and direction.

Key System Experience

• Firewall : Palo Alto Networks NGFW
• Email Security : ProofPoint Email Security Gateway
• Endpoint Protection : Carbon Black Defense, McAfee EPO
• Vulnerability Management : Tenable Security Center
• SIEM : Tenable LCE
• Nice to have : Cloud Security for Azure / AWS, Scripting

Education

• Undergraduate degree in Information Management, Computer Science, Engineering, or emphasis in technology or related field
• Masters degree or postgraduate diploma in information / computer science or a technology-related field preferred.

Security Analyst

Contract REMOTE / GTA, ON October 2, 2022

202-626 King St. W.

Toronto, ON, M5V 1M7

Canada

Stay up-to-date on current recruitment and hiring trends :

Email Address

J-18808-Ljbffr