Information Security Analyst
Full-time + Permanent
Hybrid 2x a week in office
Scarborough, Ontario
This is a full-time permanent role and will report to the Manager, Enterprise Information Security. The successful candidate will have the opportunity to monitor security alerts, investigate potential incidents, coordinate with IT teams to implement corrective actions, maintain security documentation and assist in remediation efforts.
The role offers an opportunity to work with business and technical teams, within a culture that values innovation and teamwork.
Security Operations
- Monitor and respond to security alerts, investigate potential security incidents, and coordinate with IT teams to resolve incidents
- Monitor and address security alerts within defined timeframes, ensuring compliance with security policies, and minimizing the impact of security incidents on business processes and decision-making
- Make recommendations towards overall cybersecurity roadmaps and guidelines, contributing to the maturity of the practice across IT
- Coordinate and deliver security training programs to enhance awareness and skills among associates, promoting a security-conscious culture within the organization
- Provide insight and input into reports for senior leaders and stakeholders, to support decision-making and visibility into security posture Compliance
- Conduct regular security assessments and audits to ensure compliance with industry standards and regulatory requirements and support remediation plans based on findings
- Perform thorough security assessments and audits to identify vulnerabilities and compliance gaps
- Coordinate and maintain security policies, procedures, and standards to ensure robust information security practices
What You’ll Bring:
- University Degree or College Diploma in Cybersecurity, or relevant discipline
- 3+ years of progressive experience in information security roles, with a focus on security operations, incident response & performing vulnerability assessments
- Cybersecurity Industry certifications including SANS, Comp-TIA Security+, ISC2, etc. are an asset
- Knowledge of cybersecurity concepts, methodologies, and best practices, with a strong understanding of emerging threats and attack vectors
- Proficient in a wide range of cybersecurity technologies and tools, including but not limited to:
- Security monitoring tools including SIEM & EDR
- Firewall rules configuration and management, Internet protocols and network security fundamentals
- Vulnerability assessment tools (e.g., Nessus, Qualys)
- Antivirus and endpoint protection solutions, malware detection and intrusion prevention systems o Encryption technologies (e.g., SSL/TLS, AES)
- Multi-factor authentication mechanisms, wireless security protocols and best practices
- Cloud security principles and practices in various cloud platforms
- Understanding of industry-standard frameworks, compliance requirements and frameworks, including: ISF, NIST CSF, SOX (Sarbanes-Oxley), ITIL
- Familiarity with application security principles, including secure coding practices, penetration testing methodologies, phishing & security awareness training
- Excellent interpersonal skills, with the ability to communicate effectively with technical and non-technical stakeholders, collaborate with cross-functional teams, and provide leadership in security initiatives
Full-time, Permanent
Hybrid: 2 days on site per week
Scarborough, Ontario