Information Security Operations Analyst

About Us:

Cassels Brock & Blackwell LLP is a leading national law firm focused on serving the transaction, advocacy and advisory needs of Canada’s most dynamic business sectors. We have one of the largest business law practices in the country, serving multinational, national and mid-market clients from our offices in Toronto, Vancouver and Calgary.

Our Culture:

At Cassels, our mission is to attract, retain and promote individuals of exceptional ability and talent from as broad a range of backgrounds as possible. We offer meaningful career opportunities, invest in professional growth, and foster an inclusive environment. Our Firm’s success is built on the unique skills, perspectives, experiences and values of each individual. We encourage a corporate culture that respects and celebrates the dignity, value and diversity of all.

Role Overview:

Our Toronto office is currently recruiting for an Information Security Operations Analyst in our Information Technology Department, reporting to Senior Manager, IT Security. This role requires a candidate who is responsible for supporting and managing compliance with approved security policies and controls and providing day to day security operations support by monitoring the various logs, security events and other duties as set forth by the Senior Manager, Information Security and the CIO.

The successful candidate will be responsible for:

• Liaise with the Security Operations Center to identify, investigate, and address possible incidents
• Respond to security alerts, incidents, advisories, and security related queries
• Oversee the cybersecurity awareness and communication program, including employee training and phishing simulations
• Promote security best practices by providing appropriate information security guidance to Firm members
• Provide guidance to other members of the IT team on security control selection and configuration
• Maintain situational awareness by identifying, reporting on, and responding to, emerging threats and vulnerabilities
• Track security KPIs and develop dashboards and reports for management
• Develop and follow-up on time-based risk remediation plans in consultation with relevant stakeholders
• Conduct assessments on third party suppliers and vendors to ensure compliance with firm policies and standards
• Respond to client information security and data protection questionnaires
• Assist with Threat and Risk Assessments as a part of the firm’s change management processes
• Engage with technology vendors to understand capabilities and limitations to drive improvements in the security posture of current products, and assist in the selection of the right partners
• Collaborate with CIO, Director of Information Technology, Senior Manager, IT Security, and relevant stakeholders to understand business direction and the consequent impact on the firm’s security posture and risk tolerance
• Support the development of solutions for automating and streamlining information security risk management practices
• Support the development and maintenance of security policies, standards, and guidelines in alignment with applicable laws, regulations, security frameworks and compliance requirements
• Participate in periodic audits of firm processes and technology to ensure compliance with firm policies and standards
• Other duties as assigned

The successful candidate must have the following education, experience and/or demonstrated skills:

• University degree in computer science, information security, information technology or in a related field of study, or an equivalent combination of studies and experience
• Certified professional in information security or risk management (CISSP, CISM, CISA, Security+, etc.)
• Three (3) years of experience in a similar position with one (1) year of experience in any of the following areas: internal IT audit; governance/risk and compliance, information security awareness and training, third-party risk assessments, privacy compliance assessments/risk analysis
• Expertise in security technologies including networking, encryption, multi-factor authentication, cloud and web security applications, data loss prevention, firewalls, anti-malware, identity and access management, privileged access management, network access control, email hygiene
• Working knowledge of information security and risk management standards, frameworks, and methodologies, including:
• ISO 2700x
• NIST CSF, SP 800-53
• CIS Critical Security Controls
• ITSG-33
• Canadian Centre for Cyber Security Harmonized TRA Methodology
• CSA-CCM
• Excellent analytical skills, keen sense of judgment, highly organized, with high attention to detail and accuracy when completing tasks.
• Strong oral and written communication skills, and adept at making technical concepts easier to understand
• Strong interpersonal skills, and ability to interact with different stakeholders with professionalism
• Positive attitude focused on finding solutions and a desire to provide outstanding customer service
• Excellent problem-solving skills and the ability to be resourceful and work with minimal instruction or supervision.
• Can work within tight timelines to meet deadlines, reassessing priorities as needed.
• Proactive and takes initiative in anticipation of next steps
• Be on-call on an as needed basis

Employment Type: Permanent, Full-Time

What we offer:

• Competitive compensation + Extended Health & Dental Care
• RRSP Matching Program
• Education/tuition allowance
• Fitness Reimbursement Program
• Diversity and Inclusion Centric Culture
• A Culture of Wellness: Cassels recognizes the importance of wellness and provides a comprehensive program that addresses the mental and physical well-being of our employees by providing resources, services, training and support on an ongoing basis.
• A fully stocked kitchen with healthy snacks, plus coffee, tea, and drinks throughout the year.
• A business casual dress code (client/day specific)
• Employee referral bonus.
• A hybrid work environment

Cassels is an equal opportunity employer with a strong commitment to diversity, inclusion, equity and an accessible environment. It is our priority to remove barriers to provide equal access to employment. We strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities and/or people with intersectional identities. All qualified candidates are encouraged to apply, and we will provide appropriate accommodation for candidates with disabilities or accessibility needs throughout the recruitment process, upon request. Please contact our recruiter for any questions, accommodations or specific requests.

We wish to thank all applicants for their interest, however, only candidates selected for interviews will be contacted. We regret that we are unable to respond to individual inquiries about application status, unless required for accommodation purposes.