The Senior Information Security Analyst, under the direction of the Director, Information Security & Compliance assists with the planning and implementing of security measures to protect the firms information computing systems and data that supports the company’s Security program and objectives. The role’s main activities include system monitoring, technical review of company initiatives and enhancements, risk analysis, policy review and development, implementation of various security roadmap projects and activities, awareness training programs, security assessments and remediation activities.
DUTIES AND RESPONSIBILITIES
- Educate, communicate, participate and lead projects, ensuring security policies, standards and procedures of technology and configuration are applied to new system implementations and that other IT and security risks are adequately mitigated
- Performs threat risk and/or privacy risk assessments on projects and other IT initiatives and propose solutions to mitigate risk.
- Participate in the SDLC process on projects in order to design and implement the required Information Security measures for new and upgraded systems.
- Collaborates with application development teams to ensure security requirements are satisfied within the company's applications
- Identify, coordinate and lead the execution of adhoc application assessments and penetration testing.
- Drive the remediation of issues identified through internal and external security testing (penetration testing, annual corporate testing).
- Supports and drives the secure implementation, delivery and operation of new and existing business applications, platforms and services projects of IT and across Business functions
- Understand, deploy and document solutions to comply with company’s security directives;
- Reviews and approves security configuration and installation of firewall, VPN, routers, IDS scanning technologies, and servers;
- Provides security consulting and expertise on threat mitigation, prevention, and counter measures;
- Acts as a Subject Matter Expert in one or more of the other security domains ( Data Protection, Application Security, Endpoint Security, Network & Infrastructure Security, Threat & Fraud Management, SIEM/Auditing/Analytics, Identity and Access Management)
- Plans security systems by evaluating network and security technologies; developing requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related security and network devices; designs public key infrastructures (PKIs), including use of certification authorities (CAs) and digital signatures as well as hardware and software; adhering to industry standards
- Leads the Information Security Awareness Program
- Working knowledge in Identity Access Management, Privileged Account Management and Key Management solutions
- Manage day-to-day security operations, ensuring the identification and remediation of information security risks, threats and vulnerabilities.
- Monitor and respond to security alerts generated from Security Incident Event Management (SIEM), Traps (Anti-virus), Firewall, IDS/IPS, VPN, etc. and escalate to the appropriate team for resolution;
- Manage the vulnerability management program by reviewing vulnerability scans, interpreting results, coordinating remediation efforts, reporting status and metrics to demonstrate improvement;
- Completes other security related tasks as requested
- Backup to the Information Security Officer
- Monitors industry security updates, technologies and best practices to improve security across the infrastructure and application development domains.
- College or University level education or equivalent level of experience in the industry.
- Completion of a Security related certification is mandatory (CISSP, CISA, GIAC, etc.).
- Minimum 5 years’ experience in a technical security consultant or analyst role.
- Demonstrates expert knowledge of network security control environments and architecture, including, system administration, intrusion detection, network architecture, enterprise threat management, perimeter controls.
- Knowledge of network security controls, appliances, including next generation perimeter security controls and web application firewalls.
- Systems administration experience, in Networks and Windows is considered a strong asset;
- Strong Knowledge of traditional and cloud Architecture, experience of AWS, Azure or other public and private cloud technologies is required.
Other Skills and Abilities
- Ability to work independently with minimal supervision;
- Strong verbal and written communication skills are essential;
- Ability to work effectively and collaboratively with internal staff, external partners and stakeholders.
- Demonstrates solid analysis skills
- Displays high ethics and trust values