Senior IT Security Analyst - Risk / Compliance

Senior IT Security Analyst - Risk / Compliance

Full-time

At Sleep Country Canada / Dormez-vous? (SCC / DV), we are inspired every day through our purpose to transform lives by awakening Canadians to the power of sleep and our vision to champion sleep as the key to healthier and happier lives, helping everyone achieve better tomorrows through better tonight’s.

Guided by our values We CARE About People; We WIN Together; We DREAM Big and We DELIVER with Excellence we are building on our 30-year foundation of taking care of each other and our customers’ sleep needs, with passion and commitment to be the best that we can be.

The Senior Technical Security Analyst ensures that all in-scope day-to-day and project activities are properly defined; effectively managed;

deliver the expected results; and meet SCC standards and policies, and that documentation, deployment, and testing are performed according to professional industry standards.

Reporting to the Manager, Information Security, responsibilities include but are not limited to :

• Lead the security compliance and design, implement and monitor controls to ensure adherence to PCI, ISO, NIST and other required company requirements.
• Lead and participate in assessment of technology risk, and conduct security assessments and audits.
• Assess information risk and facilitate remediation of identified vulnerabilities for IT security across the enterprise.
• Resolve security incidents in a timely and effective manner, ensuring minimal impact to the organization and learning from incidents to prevent future occurrences.
• Assist in design and execution of vulnerability assessments, penetration tests and threat assessments.
• Work with cross-functional teams to develop and implement incident response plans, including documenting procedures and conducting training exercises.
• Research, assess and provide gap analysis of current processes leading to the completion of documenting current processes and identifying opportunities for process improvements.
• Evaluate internal and external environment for threats related to Information Security and perform the role of Information Security subject matter expert to ensure these are properly addressed and controlled.
• Ongoing management of the organization’s security awareness program; ensure that organizational processes adhere to regulatory compliance requirements.
• Conduct studies that evaluate, recommend, and implement security solutions to enhance core security capabilities in the areas of security infrastructure, access management, identity management, networking, databases, and servers.
• Conduct research on emerging security threats and trends, and develop strategies to mitigate risks.
• Provide reporting and data-driven insights on the organization’s security posture, including vulnerabilities, incidents, and remediation efforts to senior management.

Minimum Requirements :

• 8+ years of work experience in Information Security or equivalent combination of transferrable experience and education through university or college degree in an IT related field.
• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
• Thorough knowledge and hands-on experience on Information security principles and framework (PCI, ISO, NIST, ZTNA, etc.).
• Thorough knowledge and hands-on experience in assessing and mitigating security controls and risk for on-prem infrastructure, Google Cloud and Azure.
• Thorough knowledge and hands-on experience in security incident investigation and resolution.
• Thorough knowledge and adequate experience on Microsoft security tools and processes.
• Adequate knowledge on technologies like : firewalls (Palo Alto), DNS, Cloudflare, Switches, Citrix, etc.
• Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
• Ability to manage tasks independently and take ownership of responsibilities.
• Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
• Ability to adapt to a rapidly changing environment.
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Thorough knowledge of patching and deployment technologies for Windows platforms.
• Strong technical knowledge of current systems, software, protocols and standards including TCP / IP and network administration / protocols.
• Experience developing, documenting and maintaining procedures.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Any one or more security certifications (CISSP, CISA, CEH, GIAC, SANS).

Why members of our Corporate team love working at Sleep Country Canada / Dormez-vous?

• This is not a job but a CAREER with opportunities for growth and advancement.
• Diverse and inclusive work environment.
• We will invest in you and provide extensive training, mentoring and continuous development.
• Access to training and development platforms.
• Full medical, dental benefits and a Deferred Profit Sharing Program.
• Annual Wellness Credit of up to $250.00 for any products / services that improve your health and well-being.
• Associate Discount Program where you will be able to enjoy some of the world’s best sleep products.
• Maternity / Parental leave top-up benefits.
• Tuition Reimbursement Program that covers professional AND personal development.
• Long service awards, celebrations and other social events.
• Associate Referral Program.
• Paid day off to volunteer at your local charity of choice.
• Recognized as one of Canada’s Most Admired Corporate Cultures in 2023 by Waterstone Human Capital.

Commitment to Equity, Diversity, Inclusion & Belonging (EDI&B)

At SCC / DV, we are committed to building a company culture of inclusion and diversity where differences are embraced and valued, allowing us to better understand and meet the needs of our customers and the communities we serve.

We want to ensure every job applicant is treated fairly and with respect regarding race, national or ethnic origin, religion, age, gender, sexual orientation, or disability.

About Sleep Country Canada / Dormez-vous?

Sleep Country is Canada’s leading specialty sleep retailer with a purpose to transform lives by awakening Canadians to the power of sleep.

Sleep Country Canada operates under the retailer banners : Sleep Country, Dormez-vous, the rest, Endy, Hush, Silk & Snow and most recently acquired, Casper Canada .

The Company has omnichannel and ecommerce operations including over 300 corporate-owned stores and 18 distribution centers across Canada.

Recognized as one of Canada’s Most Admired Corporate Cultures in 2023 by Waterstone Human Capital, Sleep Country is committed to building a company culture of inclusion and diversity where differences are embraced and valued.

The Company actively invests in its sleep ecosystem, innovative products, world-class customer experience, communities and its people.

For more information about Sleep Country, please visit www.sleepcountry.ca .

J-18808-Ljbffr