Information Technology, Security Analyst

Job content

Reporting to the Manager, IT Infrastructure, the incumbent takes a lead role in information security related technical planning, architecture design, installation and integration, monitoring and maintenance of IT Information Security systems including networking, computing, software and external SaaS components. The incumbent takes a lead role in critical and complex intra and inter-organizational projects requiring high levels of coordination and an extreme breadth of knowledge. Overall responsible for the efficiency, effectiveness, evaluation, utilization, modernization and interoperability of security systems with existing networking and computing environments. Specific duties include, but are not limited to:

• Designs, builds and maintains a Security Information and Event Management (SIEM) system in accordance with industry and chosen vendor best practices
• Identifies and implements key monitoring security metrics, develops SIEM macros and alerts, and continuously monitors network, system and application vulnerabilities and threats
• Works with threat intelligence service providers to monitor intelligence and to optimize SIEM and security technologies capabilities, efficiencies and effectiveness
• Monitors and continually fine-tunes advanced threat detection technology policies and practices in accordance with current threats and best practices
• Maintains system baseline security configurations and then coordinates, schedules, and undertakes ongoing vulnerability assessment (VA) to ensure that all systems (e.g. PCI systems, application servers, web farms) receive regular and routine security assessment and remediation as required
• Coordinates, schedules, and undertakes an ongoing technical penetration testing (PT) program to ensure that all high value and high risk systems receive regular and routine penetration testing assessment and remediation as required, particularly to meet mandatory compliance requirements
• Tracks, reports on and remediates vulnerabilities and system weaknesses by working collaboratively with IT Infrastructure and other technical staff
• Maintains VA and PT technologies with current configurations and makes enhancement acquisition recommendations
• Provides regular status reports related to SIEM, VA and PT activity to the Manager, Information Technology Security, system owners, management and other stakeholders
• Develops and maintains cyber incident response practices and procedures
• In the event of network/system breach or compromise, policy violation, or unlawful act, and working under the guidance and direction of the Manager, undertakes cyber incident response activities and coordinates technical forensic analysis, to support investigative processes, investigations, litigation or criminal proceedings; and
• Maintains cyber forensic technologies with current configurations and makes enhancement acquisition recommendations
• Assists with security programs, projects and other initiatives as required

QUALIFICATIONS:

• Successfully completed a four-year degree in Information Technology, Information Systems, or Engineering
• Certified Information System Security Professional (CISSP) or Systems Security Certified Practitioner (SSCP) or Certified Cyber Forensics Professional (CCFP) certification is required
• Additional certification in Vulnerability Assessment, Advanced Penetration Testing and Digital Forensic Assessment is considered an asset
• Five years’ experience in a similar position where duties included participating in threat and risk assessment and privacy impact assessment processes
• Experience applying PCI DSS standards as well as related payment card environments, security architecture and compliance process
• Excellent understanding of and experience with networking principles, standards and technology, and common protocols
• Solid experience managing operating systems
• Communication skills (written and oral) to liaise with various stakeholders and document processes
• Demonstrated analytical, problem solving, and evaluation skills to analyze and translate clients’ business requirements
• Proven ability to work independently as well as within a team environment

Georgian College supports diversity, equity and a workplace free from harassment and discrimination. Georgian College is committed to an inclusive, barrier-free recruitment and selection process and workplace. If you are contacted to participate in the recruitment, selection and/or assessment process, please advise the interview coordinator of any accommodations needed with respect to any materials or processes used to ensure you have access to a fair and equitable process.

Alternate formats will be provided upon request throughout the recruitment and selection process.

APPLY NOW:

To be considered for this position, please visit our website at www.GeorgianCollege.ca and apply by navigating to About Us and then to Career Opportunities.

This position is open until filled. While we thank all applicants, only those contacted for an interview will be acknowledged.