Job Description
SENIOR INFORMATION SECURITY ANALYST (SISA)
POSITION DESCRIPTION:
Key member of the technology Security Operations Team the Senior Information Security Analyst (SISA is responsible for supporting the company in the implementation and the operation of its information technology security roadmap focused on safeguarding the organization’s data, computer networks, on premise and cloud systems through risk management processes. The SISA will contribute to technology Security Operations continual improvement efforts focused on maturing information technology security standards and best practices.
Candidates will be required to participate in outside of business hour solution delivery activities and provide outside of business hour support for issues escalated by the company’s IT Operations and Security Operations teams.
KEY RESPONSIBILITIES:
- Carry out information technology security plans and policies.
- Guide and advise business units, technology solution delivery, other technology teams and business partners on information technology security best practices.
- Identify and assess technology system security requirements at time of procurement, development and implementation of technology projects, identifying risks and implementing controls to mitigate operational risk at launch.
- Recommend, design, develop, test and implement technology security platforms, tools and controls for on premise and cloud - based solutions.
- Lead and execute risk treatment remediation plans / tasks.
- Lead incident response, including steps to minimize the impact, identifying how a breach happened, the extent of the damage.
- Maintain information technology security platforms, tools and controls.
- Participate in information technology security control assessments and audits, on premise and cloud -based solutions.
- Participate in audits of partners, vendors, others in the supply chain.
- Monitoring regulatory PCI, PIPEDA, internal policy and other compliance.
- Support information technology security awareness training program.
- Develop and maintain incident response playbooks and standard operating procedures.
QUALIFICATIONS:
Education and Experience:
- Degree or diploma in Information Technology Security or Computer Science.
- Ten years technology operations experience with progressive responsibilities.
- Five years’ experience developing and implementing technology security standards, controls and best practices.
- CISSP or CISM designation is an asset.
- CCSP or similar cloud security certification(s) is an asset.
TECHNICAL EXPERIENCE:
- Common information security tools and platforms.
- Information security standards including NIST, CIS, OWASP and CSA.
- PCI, PIPEDA, CASL and PHIPA standards and regulations.
- Understanding of information security infrastructure and controls including:
- IaaS, PaaS, SaaS security controls and best practices.
- SIEM.
- EDR/XDR/EPP.
- Firewall/WAF.
- IDPS.
- VPN.
- IAM.
- DLP.
- CASB.
- AD, AAD, Microsoft Conditional Access.
- Securing Windows and Linux servers.
- Networking protocols.
- Virtualized environments.
DESIRED SKILLS:
- Exceptional customer service orientation.
- Excellent verbal and written communication skills.
- Outstanding listening skills.
- Building and maintaining positive relationships.
- Proactively looking for improvements and efficiencies.
- Organized with the ability prioritize and multitask.
- Ability to absorb and retain information quickly.
- Self-motivated, self-directed and keen attention to detail.
- Proven analytical, troubleshooting, and problem-solving abilities.