INFORMATION SECURITY ANALYST
THE TEAM
IC Group builds powerful digital engagement solutions that connect brands with people through promotions, live events, mobile messaging, and gamified experiences. We work with leading brands and event operators to create experiences that drive participation, loyalty, and measurable results.
Our teams are responsible for the secure delivery and execution of all client programs and projects. ICG aims to act as a trusted partner and strives to deepen client relationships based on trust, security, integrity, commitment, accountability, and delivery. We are continuously evolving our solutions and are further modernizing our IT practices through various initiatives, inclusive of use AI in strategic ways, and adopting a platform foundation.
Who are we looking for?
We are hiring an Information Security Analyst Associate (term) to work in our Information Security team.
Reporting to the Manager - Information Security, you will support the organization’s security operations and governance activities in close collaboration with the InfoSec Team. Your responsibilities will include active involvement in ISO 27001 and PCI DSS compliance initiatives, administration of company-wide IT and security policies, execution of internal IT audits, delivery of security awareness programs, and coordination of vulnerability assessments. You will report, investigate and help resolve security incidents with internal teams and also educate and communicate security requirements and procedures to all users and new employees. In addition, you should have competence in researching emerging security threats and attacker techniques to proactively reduce the risk of system compromise. Other responsibilities include ensuring compliance with our internal standards, client requirements, applicable regulations and privacy laws and completing and managing InfoSec questionnaires across our company and clients. You will support our Vendor and Supplier management ecosystem.
Is this role right for you?
To do well in this role you should have a related degree or diploma in computer science, cybersecurity or IT Security, have a passion for documentation, and you pay attention to the details. You’re naturally cautious and enjoy the meticulous work of auditing logs and testing defenses to ensure nothing is left to chance.
YOUR RESPONSIBILITIES
Security Operations & Incident Management
- Support day-to-day security operations and governance activities.
- Support security incident handling, including reporting, triage, investigation, escalation, and closure activities.
- Research security trends and adversary techniques to strengthen preventative controls and reduce breach likelihood.
Compliance, Risk & Governance
- Contribute to ISO 27001 and PCI DSS compliance initiatives, including evidence collection, reviews, and control support.
- Assist in the development and maintenance of IT and Security governance documentation (policies, standards, and procedures).
- Participate in and support internal audits, including planning, testing, documentation, and remediation follow-up.
Vulnerability & Security Testing Management
- Perform vulnerability assessments and coordinate remediation tracking with technical teams to ensure timely risk reduction.
- Assist in the setup and management of penetration testing engagements with external partners.
Vendor & Client Security Assurance
- Support vendor/supplier security management processes, including due diligence, onboarding, and ongoing assurance activities.
- Respond to and complete information security questionnaires and onboarding requirements for key clients.
Security Awareness & Training
- Deliver and coordinate security awareness initiatives, including education programs, phishing simulations, and security communications/newsletters.
REQUIREMENTS
The successful candidate will possess the following:
- Strong English communication (verbal/written/presentation) skills with both business and technical stakeholders.
- Strong knowledge of MS Office suite of products
- Understanding of firewalls, proxies, antivirus, and IDPS concepts.
- Understanding of security controls to protect information systems consistent within the industry.
- Excellent attention to detail and documentation
EXPERIENCE REQUIREMENTS;
Diploma or Bachelor's degree in Computer Science, Cybersecurity, IT security, a related field, or a diploma/certificate/degree in Information Systems, Information Technology or related
Excellent attention to detail and documentation
Understanding of:
- Incident identification/analysis and escalation procedures an asset
- PCI DSS, ISO 27001 or related security frameworks considered an asset.
- Firewalls, proxies, antivirus, and IDPS concepts.
- Security controls to protect information systems consistent within the industry
EXPERIENCE REQUIREMENTS;
- Minimum of 1 Co-Op term in a working IT Security environment
CAN YOU DEMONSTRATE EXPERIENCE PROVING;
- Ability to work under tight timelines and competing priorities.
- Critical thinking & thought leadership on project and/or program management.
GREAT ASSETS TO HAVE WOULD BE;
- Prior experience in incident identification/analysis and escalation procedures an asset
- Understanding of PCI, ISO 27001 and 27701 or related security frameworks considered an asset.
- At least one security or IT certification would be an asset or working towards certification.
This is an in-office at our Winnipeg head office. No remote opportunities at this time.
Job Type: Full-time
Pay: $45,500.00-$57,000.00 per year
Benefits:
- Casual dress
- On-site parking
Location:
Work Location: In person
