Senior Information Security Analyst

Job Title: Senior Information Security Analyst

Role description

The Information Security Analyst III is part of the first line of cyber defense team, working with IT and business partners to help them understand and manage information security risks and comply with the organizational information security policies. The role also supports the delivery of analysis-based cyber security services to our internal clients across Canada including a security assurance assessment, responding to security inquiries from stakeholders and clients, assessing security controls, and more.

What you will do

• Focused on providing information security consultation to business and IT clients
• Conducting information security threat risk assessments and third-party security assessments
• Strive for continuous learning and can influence others
• Conducts threat analysis, including researching evolving threats and providing recommendations
• Strong desire to work collaboratively in an unconventional and non/linear way to problem solve unique solutions
• Be customer focused and delivery oriented to drive change in ambiguous situations
• Working with project teams to identify required security controls, and ensuring controls have been implemented prior to transitioning technology platforms to production
• Develops and conducts vulnerability assessments, and documenting findings in reports
• Work proactively with internal clients to understand their needs and deliver creative solutions

What you will bring

• Experience interpreting and consulting around meeting the requirements of the Information Security Policies and Standards for a large organization
• Experience in risk assessment methodologies
• Experience with security solutions for multi-tier cloud-based applications (Microsoft Azure, GCP, AWS, etc.)
• Minimum five years’ experience as an information technology professional with at least three of those in information security demonstrating the accountabilities as listed above
• Demonstrated ability to foster relationships and build trust
• Strong technical background with exposure to multiple aspects of information technology, networks, server, application dev, architecture, storage, cloud etc.
• Holds at least one information security certification or actively working towards at least one security certification (e.g. CISSP, CISM, CASP+))
• Experience with DevSecOps and/or Agile would be an asset
• Bachelor’s degree from an accredited college or university or equivalent experience
• Strong working knowledge of threat risk assessment methodologies NIST, ISO, IRAM2, etc.
• Strong analytical and problem-solving skills
• Strong knowledge of IT control frameworks such as COBIT, ISO 27001, and the NIST cyber security framework
• Working knowledge of IT Audit processes, including design of control test procedures
• Excellent communicator including demonstrated presentation and negotiation skills
• Ability to work independently and deliver on commitments