Information Security Analyst

Our client in the public health sector is looking for an Information Security Analyst. The role will support security policies, standards, practices, procedures, and technologies in order to ensure the protection of networks, systems, applications, and data. In addition, the successful candidates will support day-to-day security operations in collaboration with third party vendors, to monitor security events, respond to incidents, and ensure the overall security posture.

Location: Hybrid (primarily remote) - North Bay

Responsibilities

Security Risk Assessment and Incident Response:

• Responsible for proactively auditing, monitoring security alerts and incidents, analyzing patterns, and responding to security events promptly.
• Conduct risk and vulnerability assessments to identify potential security threats and vulnerabilities; recommend mitigation strategies; facilitate remediation planning; and, report on mitigation status.
• Investigate and resolve security incidents, coordinating with relevant teams to implement corrective actions while ensuring appropriate documentation.
• Create reports on cyber security activities.
• Perform third party risk assessments for vendors and collaborate as required to manage security operations and ensure timely patching and mitigation of vulnerabilities.

Security Infrastructure Support and Management

• Install, configure, and maintain security hardware and software, including firewalls, antivirus, intrusion detection/prevention systems, and encryption tools.
• Collaborate with appropriate stakeholders to implement and configure security solutions.
• Responsible for the management and maintenance of security infrastructure, including firewalls, antivirus, intrusion detection/prevention systems, and encryption tools, including conducting routine checks and updates to ensure the proper functioning of security systems.

Access, Policy, Compliance, and Training

• Implement user access permissions and ensure adherence to the principle of least privilege; monitor and respond to access-related security incidents.
• Assist in the development, implementation, and enforcement of information security policies and procedures, ensuring compliance with relevant regulatory requirements and industry best practices.
• Develop and deliver security awareness programs to educate employees on security best practices; provide training sessions to staff on emerging threats and security protocols.

Requirements:

• 5+ years of work experience in IT, of which at least 2 years of work should be in cyber security.
• Experience in vulnerability assessments, incident management and security operations.
• Experience with security incident log collection platforms (SIEM).
• Experience with cloud-based security technologies, specifically Microsoft Security platform.
• Knowledge of information-based security standards such as NIST.
• Exceptional analytical skills, meticulous attention to detail, and problem-solving abilities.
• Exceptional organizational and time management abilities.
• High degree of confidentiality and integrity.
• Excellent communication and collaboration abilities.
• Highly adaptive, resilient, and responsive to changing circumstance.
• Certification: CISSP (certified information systems security professional), CISM (certified information security manager) preferred.