Information Security Analyst

Banff Centre for Arts and Creativity • Full-time • Banff, AB, CA • 19h ago

Banff Centre for Arts and Creativity aims to inspire everyone who attends our campus – artists, leaders, and thinkers – to unleash their creative potential.

We acknowledge, with deep respect and gratitude, our home on the side of Sacred Buffalo Guardian Mountain. In the spirit of respect and truth, we honour and acknowledge the Banff area, known as “Minhrpa” (translated in Stoney Nakoda as “the waterfalls”) and the Treaty 7 territory and oral practices of the Îyârhe Nakoda (Stoney Nakoda) – comprised of the Bearspaw, Chiniki, and Goodstoney Nations – as well as the Tsuut’ina First Nation and the Blackfoot Confederacy comprised of the Siksika, Piikani, Kainai. We acknowledge that this territory is home to the Shuswap Nations, Ktunaxa Nations, and Metis Nation of Alberta, Rockyview District 4. We acknowledge all Nations who live, work, and play, help us steward this land, and honour and celebrate this place.

The Opportunity

The primary purpose of the Information Security Analyst role is to help reduce the risk of a major cyber incident at Banff Centre while significantly shortening the detection and containment time of any cyber incidents that occur.

To support this overall goal, the incumbent will work closely with the Manager to recommend policy and standard components, conduct research on best practices, develop staff awareness of cyber security through the cyber security program, manage and monitor technical threat detection, analysis, and control systems, and act quickly to contain breaches when they occur.

A critical success factor for this role will be responding to security incidents by conducting thorough investigations and implementing incident response plans, in coordination with the Manager and cross-functional teams.

This is a technical hands-on role, supporting day-to-day security operations in collaboration with the IT/S team and third-party vendors.

Roles And Responsibilities

Reporting to Manager, Information Security, below are some key accountabilities:

Monitor applications, devices, and network infrastructure for significant threats and work with service owners to patch and mitigate risks.
Conduct forensic examination of equipment suspected of breach or infection, working closely with the ITS team in responding to security incidents, including investigation, containment, and remediation.
Work independently and with other teams to manage and support remediation projects to resolve identified risks. This includes reviewing, investigating and escalating security incidents such as phishing, malware, infections, etc.
Actively participate in cross-functional teams to provide security guidance and advice for all information technology projects, acquisitions and services, including an assessment of the software security controls to be implemented for system architecture and applications. This may take the form of engaging with various stakeholders and application owners and work through the tasks required to ensure that access to an application in the scope is only limited to relevant users.
Prepare and provide written and verbal recommendations for assessing information technology risks and compliance across a wide array of technologies, advising the Manager, Information Security of mitigations and solutions recommended.
Stay current on the latest cyber threats, malware and attack methods to anticipate and defend against them.
Be a champion for cybersecurity awareness by contributing to the following security goals for Banff Centre:
- Help to design and deliver cybersecurity awareness training that is designed to help protect employees and stakeholders from identity theft, fraud and reputational harm;
- Contribute to overall security goals designed to protect Banff Centre’s operational infrastructure including computers, servers, network, building management systems,
Help to design and deliver cybersecurity awareness training.
Recommend to the Manager, Information Security, additional security solutions or enhancements to improve overall enterprise security, to reduce identified risks based on their impact and likelihood of occurrence,
Contribute to and maintain security documentation and the supporting knowledge base.
Conduct risk and vulnerability assessments and analysis using industry frameworks (ISO 27001, NIST CSFT) and CIS controls for new projects, applications, and 3rd party vendors.
Assist in internal and external security audits and risk assessments, ensuring evidence collection and control verification.

Qualifications and Educational Requirements

Minimum 5 years’ Information Technology experience in a mid-to-large company, including at least one to two years with some experience in cyber security.
Knowledge specific to the academic sector would be an asset.
Possessing or working toward a post-secondary education in Information Technology or with certifications in cyber security.
Some experience in identifying, analyzing, containing and documenting security incidents.
Good knowledge of server and workstation operating systems.
Knowledge of general networking concepts, technologies and tools.
Proficient understanding of core Microsoft technologies such as Microsoft Defender, Intune, Active Directory, Group Policies, DNS, and DHCP.
Practical understanding of patch and vulnerability management.
Design, implement and enforce Role-Based Access Control policies and maintain Identity and Access Management(IAM) controls across enterprise systems and cloud platforms.
Excellent communication skills, both verbal and written, with the ability to convey technical information to non-technical stakeholders.
Working knowledge of OWASP & NIST CyberSecurity Framework.
Strong team player.
Strong analytical and critical thinking skills and the ability to meet multiple demands and deadlines in high-pressure environments.
High level of professionalism and ethics.
Ability to manage tasks independently and take ownership of responsibilities.
Enthusiastic about learning new security tools and technologies and stay current with cybersecurity trends and certifications.

Employment Terms and Benefits

In accordance with CUPE 4318, this is a unionized, salaried support staff position, subject to a 6 month probation period.
The annual salary for this position is between $72,654.40 and $85,196.80, depending on experience, based on working 40 hours per week.
The successful candidate will have access to a range of benefits through Alberta Blue Cross and will be eligible to participate in our defined benefit pension plan.
Benefits of working at Banff Centre are:
- Transitional staff housing options (based on availability)
- Professional development
- Employee Assistance Program
- Hybrid work environment (3 days in the office, 2 days remote)
- Health care spending account
- Staff cafeteria and restaurant discounts
- Onsite fitness facility at a discounted rate – first month free for new staff!

Application Process

We are accepting applications for the Information Security Analyst position until a suitable candidate is found.
Candidates offered a position with Banff Centre, in this capacity, will be required to obtain a criminal record check verifying a clear record before a final job offer can be finalized.
Visa Requirements: Candidates must be legally eligible to work in Canada. Banff Centre is unable to assist candidates in obtaining Canadian work authorization.

Commitment to Diversity

Banff Centre for Arts and Creativity is committed to creating an equitable, diverse, and inclusive campus for students, faculty, staff and visitors. Guided by our values, Banff Centre is rooted in Alberta with provincial, national and global impact. Our strength arises from inclusion; the diversity of people, ideas, perspectives, and cultural backgrounds in our work and team. We encourage women; First Nations, Métis and Inuit persons; members of visible minority groups; persons with disabilities; persons of any sexual orientation or gender identity and expression to apply.

Privacy Statement

Banff Centre is a public body pursuant to the Protection of Privacy Act (Alberta) (“POPA”) and the Access to Information Act (“ATIA”). All of your personal information collected by Banff Centre, including personal information collected through third-party contractors or platforms, in relation to the creation of your candidate profile and submission of a job application, is collected pursuant to section 4(c) of POPA for the purpose of administering your candidate profile, evaluating your eligibility for a position(s) at Banff Centre, and communicating with you about your application. Your personal information may be disclosed, as required, pursuant to ATIA or other applicable law, to satisfy reporting requirements, or for statistical, funding, planning or research purposes.

If you have any questions about the collection, use or protection of this information, please contact the Privacy Coordinator at privacy@banffcentre.ca, 107 Tunnel Mountain Drive, Box 1200, Banff Alberta, T1L 1H5, 403.762.6100.