VTRAC Consulting Corporation
Thank you for applying to VTRAC opportunities. Please e-mail your resume as an MS Word document, in confidence. Subject: Sr. Security Compliance Analyst, position number: 9532. Attention: email@example.com. Call: 416-366-2600 Ext. 239
Position No.: 9532
Title: Sr. Security Compliance Analyst
No. of Positions: 1
Location: GTA, ON
This innovative organization is seeking a Sr. Security Compliance Analyst to join the Security Architect team and work alongside the Sr. Manager Information Security Team. This group works in an environment built on teamwork, flexibility and respect.
Noted for its great company culture, the organization offers professional growth and development programs to help advance your career and competitive benefits that include fitness reimbursement and discount programs.
We are on the lookout for a Sr. Security Compliance Analyst to work with the Security team to develop and deliver IT security standards, best practices and systems to ensure information system security. The selected candidate will also manage and participate in the planning and implementation of security administration for all IT projects, as well as enforce security policies and procedures by administering and monitoring security profiles, reviewing security violation reports, investigating possible security exceptions, and updating, maintaining and documenting security controls. Finally, this individual will provide direct support to the business and IT staff for security-related issues.
- Lead the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines).
- Coordinate/facilitate internal audit, SOC2, ISO 27001 and client audits. This includes, but is not limited to, arranging interviews, preparing supporting documentation, and designing audit action plans and follow-ups.
- Prepare status reports on security matters to develop security risk analysis scenarios and response procedures.
- Track and monitor software viruses and malware.
- Support the product evaluation and/or procedures to enhance productivity and effectiveness
- Anticipate the security needs of the organization by providing expertise and assistance in all IT projects with regard to security issues.
- Make recommendations and assist in the implementation of changes to work methods and procedures to make them more effective or to strengthen security measures.
- Perform daily, weekly, monthly, quarterly and ad-hoc Sarbanes-Oxley (SOX) control activities to meet SOX compliance, including Vulnerability Scanning, Access Reviews, Audit Log Monitoring, Patch Management, and Technical Security and Auditing Standards compliance.
- Review various audit and security feeds from software vendors and news agencies, assess them for relevance and risk, and notify the Security Architect and IS Management of any risks identified that may impact the company.
- Assess new software application requests by the business against pre-defined security and audit standards and develop security and audit user requirements to be included in system and software selection
- Interface with internal and external auditors and coordinate the collection of audit deliverables
- Provide metrics and reporting for the management processes
- University Degree in Computer Science or a related field, or equivalent experience in Information Security
- 10+ years’ experience in an Information Security field
- Knowledge of commonly-used concepts, practices, and procedures within the Information Security field
- In-depth knowledge of remote access concepts, firewall configuration, internet protocols, vulnerability assessments, anti-virus, encryption technologies, PKI, two-factor authentication, wireless security, malware and intrusion detection practices
- Familiar with common encryption technologies including SSL/TLS, 3DES, AES, Blowfish
- Good knowledge of industry standard frameworks (e.g., ITIL, COBIT, PMBOK, CMMI)
- Strong working knowledge of SOX compliance requirements and impact on Information Security
- Exposure to DRP/BCP planning and testing
- Strong hands-on experience with security vulnerability assessment tools such as SNORT, NMAP, NESSUS or Acunetix.
- CISA Certification
- CISSP/CISM is an asset
We thank all candidates in advance. Only selected candidates for interviews will be contacted. For other exciting opportunities, please visit us at www.vtrac.com. VTRAC is an equal opportunity employer.
Toronto . New York . Houston . Palo Alto