Sr. Cybersecurity Analyst
Department: Information Systems
Type of Position: Full Time, Permanent
Reporting to: Manager, Cybersecurity
Work Model: Hybrid – flexible work schedule (All remote work must be completed from your home office within the province of Ontario.)
About the Role
The Senior Cybersecurity Analyst is responsible for protecting the company's hardware, software, users, network, and overall organization from cybercriminals. The primary role involves thoroughly understanding the company's IT infrastructure and technology landscape, continuously monitoring it, and evaluating potential threats that could breach the company's defenses.
The Senior Cybersecurity Analyst is dedicated to enhancing the company’s security posture and safeguarding sensitive information by implementing solutions and managing vendor relationships.
What you will be doing:
Identify
• Identify, evaluate, and report on advanced threats and vulnerabilities, considering enterprise-level IT controls and technologies.
• Responsible for the assessment of security requirements and controls during application development and acquisition processes as defined in the organization's security policies and standards.
• Oversee and conduct comprehensive vulnerability testing on a broad spectrum of IT systems, identify security gaps, and recommend strategic actions to mitigate risks and enhance operational security.
Monitor
• Oversee the monitoring of vulnerability business metrics and ensure the production of detailed security reports and dashboards.
• Execute, oversee, and enhance activities within the Proactive Threat Management program to maintain high security standards.
Report
• Maintain and analyze key business metrics for cybersecurity throughout the organization, producing detailed security reports.
• Report to senior management on residual risks, vulnerabilities, and other security exposures, including the misuse of information assets and noncompliance.
• Responsible for incident response activities and produce comprehensive security reports.
Vendor Management
• Perform and oversee security risk assessments of third-party vendors, escalating issues that impact business objectives and priorities involving vendor selection.
• Responsible for the execution of information security risk and control identification, evaluation, documentation, analysis, and reporting using advanced analytical tools.
• Partner with cross-functional stakeholders (Finance, Legal, CIO, Business Unit Security teams, etc.) to ensure comprehensive vendor risk management.
Projects
• Accountable for support of external and internal audits and audit remediation on information technology, generating strategic technical recommendations.
• Design and oversee the implementation of information security controls and develop standard security configurations for new and existing information systems and processes.
• Responsible for the review, analysis, and documentation of system, network, and application security vulnerabilities. Recommend and implement remedial actions in coordination with system owners, custodians, and business partners.
• Develop, oversee, and deliver effective implementation of the Cyber Security Program, ensuring alignment with organizational goals.
• Perform and oversee vulnerability assessments and tests, assisting technical teams in remediating identified vulnerabilities to maintain high security standards.
• Provide in-depth risk analysis for configurations and procedures for existing and newly introduced systems, third-party providers, and processes.
• Develop and maintain the organization’s Information Security Incident Response capability, procedures, and processes.
• Develop and review Information Security related standards, procedures, and documented controls, identifying gaps and recommending process improvements.
• Coordinate activities to mitigate and respond to identified risks.
• Ensure corporate information security policies, standards, and practices are integrated into projects, new implementations, and operational tasks.
• Create and maintain security playbooks for various scenarios. Research New Technologies
• Conduct advanced security research to stay abreast of the latest security threat landscape and current information technology trends.
• Lead initiatives to evaluate and implement new security technologies and methodologies within the organization.
What you will need to succeed:
The Ideal candidate for this position will have experience in Enterprise Network & Systems and Cloud Architectures, Information Security & Risk Management Security Frameworks, Incident response lifecycle, Vulnerability Management and Security Awareness. While leading
advanced threat identification, vulnerability assessments, and incident management. Ensure compliance with frameworks like ISO 27001 and NIST and drive the development of robust security policies and architectures. Proficient in risk analysis, performing comprehensive
evaluations to mitigate risks and enhance security posture. Lead strategic planning, provide leadership to junior analysts, and foster a security-conscious culture through training and awareness programs. Staying abreast of the latest trends and technologies, they innovate and continuously improve the organization's cybersecurity defenses while effectively communicating with all levels of personnel.
Must Have:
• Minimum Community College Diploma in Cyber Security, Cybersecurity and Business Continuity Incident Response or equivalent
• Minimum 6-10 years of experience working in an IT security function, specifically related to industry best practice compliance frameworks.
• Security and privacy first mindset
• Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
• Experience in ITIL, NIST or a comparable set of best practices for Information Technology Service Management
• Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework
• Relevant accreditations/certifications and experience with ERM/GRC platforms an
asset.
• Bachelor's degree in information systems or equivalent experience
• Experience with Enterprise Cybersecurity, Networks, Systems & Cloud Architectures
• Experience with Information Security & Risk Management Security Frameworks
• Relevant accreditations/certifications and experience with ERM/GRC platforms an asset.
• Vulnerability Management and Security Awareness
Nice to Have:
• Experience with Azure and Cloud Microsoft 365 Security Architectures
Interested?
If you’re available and interested in this role, please reply to Nicole.Grisell@Hays.com as soon as you can attaching your updated resume.