Information Services Security Analyst Jobs

Working knowledge of industry reports, certifications (ISO, SOC, etc.), and ability to interpret standards, policies, and supporting materials.

Job Location: We have requirements in Toronto, ON / London, ON / Winnipeg, MB; locations.

Remote-Work Options: Fully remote – unless attending in-office meetings.

Experience in third-party risk assessments and methodologies.

Experience with security and privacy risk assessments and audit processes.

Excellent knowledge of security technologies and tools.

Excellent communication and collaboration skills.

University degree/college diploma in related discipline(s) or equivalent work experience, and/or 3+ years in security IT industry experience

Strong knowledge of cloud computing platforms, such as AWS, Azure, or Google Cloud, and their security features

Work experience in Financial Industry preferred

Ensure the Cyber Security capabilities and protection mechanisms are running well.

Provide technical skills as Subject Matter Expert in various security technologies

Security policy and process management

Excellent knowledge and experience with risk assessment, threat detection, SIEM, SAAS security, endpoint protection, and malware analysis

Knowledge and experience with AWS or GCP

Bachelor's degree, preferably in a technology related field, or equivalent work experience.

Minimum 3 years of IT security experience

Security certification (CISSP, CISM, or similar)

Demonstrate specialized expertise and knowledge in the assigned field

• Experience with creating and implementing Cybersecurity Awareness Training programs

• Experience with Phishing protection and simulations tools

• Knowledge of relevant Enterprise Security Solutions

• Effective verbal, written, presentation and interpersonal communication skills

• Requires sound knowledge of Information Technology security principles, practices, technologies, programs and procedures.

You’re digitally savvy. You seek out innovative solutions and embrace evolving technologies. You can easily adapt to new tools and trends.

You’re a certified professional. It’s an asset if you have your CISSP, CIA, or CISM designation.

Values matter to you. You bring your real self to work and you live our values - trust, teamwork, and accountability.

What You Need To Know

Understanding of lifecycle data management (collection, use, transmission, disclosure, and retention of personal and/or confidential business information)

Knowledge of e-learning applications and methodologies, student information systems and corporate applications (finance, payroll, etc…) while not required, is highly desirable.

CISSP, or related security or IT certifications and/or courses are an asset

Highly developed written and verbal communication skills, as well as analytical and problem-solving skills

Actively ensure appropriate administrative, physical and technical safeguards are in place to protect member’s information assets from internal threats

Provide training to School Board IT staff on data and information security

Experience interpreting and consulting around meeting the requirements of the Information Security Policies and Standards for a large organization

Bachelor’s degree from an accredited college or university or equivalent experience

Holds at least one information security certification or actively working towards at least one security certification (e.g. CISSP, CISM, CASP+))

Strong working knowledge of threat risk assessment methodologies NIST, ISO, IRAM2, etc.

Excellent communicator including demonstrated presentation and negotiation skills

Experience with security solutions for multi-tier cloud-based applications (Microsoft Azure, GCP, AWS, etc.)

Excellent time management, task planning, and prioritization skills.

Strong proactive project management skills.

Working with clients to Implement Information Security Risk Management programs.

Bachelor’s degree in any subject area or equivalent experience.

Information Security certifications such as CISM, CISSP, CRISC, CDPSE, GRCP are considered an asset but not required.

Minimum 1 year of leading and implementing information security programs experience.

Experience in developing enterprise dashboard and creating reports to the proper level of management (operational, tactical & strategic)

Experience with compliance programs as well as their technical and security requirements

Manage remediation efforts and track completion status of deficiencies.

Five years of experience working within the technical arena, with 2 or more years of information security work experience

Extensive knowledge of security technology and risk assessment methodologies, policies and processes

Excellent analytical, evaluative, problem-solving and innovation abilities to ensure effective mitigation measures and risk treatment are in place

Knowledge of information security risks in supply chain management.

Knowledge of information security and risk frameworks such as ISO27001, NIST 800-53 and COBIT.

Good ability to build relationships and manage information flows

Professional Information Security qualifications such as CISA or SSCP

Knowledge of auditing frameworks such as ISAE3402 and SOC2

Communicate security risks and issues to FNZ business areas

Post-secondary education in a related field such as Business, Engineering, IT, Healthcare or related field, or equivalent experience.

Collaborate with the Client Services department to review privacy and security requirements in product and implementations.

Define Security baselines and work with Security Operations to implement report and alerting requirements.

Perform security and access reviews for our managed services customer on an as needed basis.

Create and maintain policies, procedures, standards, and processes as needed for our managed services customer.

Manage vendor assessments including questionnaires and RFPs as they relate to existing and prospective clients, vendors, and suppliers.

Post secondary education security experience preferred.

Management and Staff Careers website

Previous related security, service, or law enforcement experience accepted.

Experience with Perspective report writing software is beneficial.

Knowledge of the University and academic processes are an asset.

Candidates are highly organized with demonstrated problem solving, leadership, and communication skills.

Project Management Skills an asset

Maintains inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities

Assists other staff in the management and oversight of security program functions

Ability to interface effectively and significantly with all levels of management, departments, business units across global time zones and outside vendors

Responsible for analyzing and advising on regulatory and audit controls and requirements:

Articulates results of the final assessments to business collaborators, program managers, and other internal parties.

Endpoint Protection (Anti-virus/Anti-Malware), Privilege Access Management, Data Loss Prevention solutions.

Extensive working knowledge of information security and vulnerabilities/threats, security best practices, tools, and techniques, including encryption

Excellent analytical skills, ability to manage multiple projects under strict timelines, as well as the

College diploma or University degree in the field of computer science and relevant work experience as an Information Security Analyst

Experience in public cloud information security, such as AWS, or Azure Associate of (ISC)2 is required

Certifications desired are: CISSP, Security+, CompTIA Security are all assets

Desired Skills and Experience *

- 3-5 years of experience working within Risk Advisory and/or Data Governance

- Experience with technology risk assessments and advisory

- Experience writing risk reports and presenting them to C-suite executives

- Experience with Azure Cloud

- Experience with PCI, and P.I.I data

Knowledge and experience with Palo Alto Cortex, Cisco Umbrella and CES, Manage Engine products is an asset

Advanced experience in vulnerability management program including scanning solutions (preferably Rapid7)

Understanding of Active Directory, ADFS, is a must including privileged access management concepts.

Knowledge of security event logs, log collection and SIEM is a desired skill

Minimum 5 years of experience working in a information security function

Experience in information security risk and controls frameworks such as NIST, ISO 27K, CIS)

Provide technical, hands-on incident investigation and support and serve as a primary point of contact with management.

Ability to leverage multiple forms of communication to articulate complex concepts to both technical and non-technical staff, including senior management.

Evaluates projects to ensure proper security requirements and work actively with stakeholders on corporate-wide information security project planning and documentation

Manage operational activities for security operations team.

In-depth knowledge of security monitoring and incident response.

Experience in performing digital forensics in various OS.

Develops and updates information systems security documentation. Ensures that Authority to Operate (ATO) are obtained in a timely manner.

Works closely with Security Operations to provide assistance with tool configuration and operation

Prepares documentation from information obtained from customers using accepted guidelines such as RMF.

Assists with development and implementation of system security plans and contingency plans.

Completes documentation in support of project / sponsor activities (e.g., checklists, questionnaires, et

5+ years experience in Information Security or related field Experience with the ISO 27001certification process and management of ISMS

Familiarity with cloud-hosted media management systems, preferably on AWS

Ability to work fully remote

Knowledge of security frameworks and standards, such as NIST and CIS

Strong analytical and problem-solving skills Excellent communication and interpersonal skills

Bachelor’s degree in Computer Science, Information Technology, or related field

SOC/NOC experience desired. Working knowledge of information security control technologies including access control, cryptography, vulnerability management, SIEM/log management, ID/IPS.

Strong organization and time-management skills

Work with different teams including network operations and R&D to protect management information system and FortiGuard infrastructure.

Knowledge and experience working with various information security frameworks (ISO/IEC 27001, NIST 800-53, etc.) and regulatory frameworks (HIPAA, GDPR, etc.)

3+ years of experience in information security analyst/penetration tester role.

Hands-on experience on FortiSIEM, FortiSOAR, and FortiAnalyzer is desirable.