Security Analyst (Security Operations)

Summary

Posting Date: 

Position Title: Security Analyst (Security Operations)

Department: Privacy & Security, Risk Management Compliance and Procurement

Report to: Senior Director Security

Location: Toronto

Overview

Position Purpose

The Security Analyst serves as a leader for the growth and continuous improvement of the Canada Health Infoway security program.  This position is responsible for maintaining the security of Infoway IT assets.

Major Responsibilities

  • Manage and execute the Vulnerability Management program, reporting to stakeholders and tracking remediation activities
  • Provides ongoing monitoring of compliance to security standards, policies and procedures
  • Perform security reviews and health checks of vendors and software prior to broader deployments
  • Manage the daily operations, health and maintenance of Canada Health Infoway’s cybersecurity technology portfolio
  • Maintains a deep understanding of the cyber threat landscape and ensures cybersecurity technology is effectively configured to detect threats
  • Provide security technical leadership for the Security Incident Response Program
  • Perform or support forensics across Windows and Linux platforms
  • As applicable, evaluate, engage and liaise with Managed Security Service providers, on an ongoing basis
  • Working with a Managed Service Provider, use SIEM (Security Information and Event Management) tools, and Endpoint Detection and Response to investigate and respond to issues
  • Identify gaps in security coverage and make appropriate recommendations to fill the gaps. Assist in the deployment of security mitigations and enhancements
  • Provide expert level advice and consultation to a variety of internal stakeholders, including developers, privacy and security team, technical support and the business
  • Partner with designates from the technology teams to ensure new IT systems are designed, configured and implemented in a secure manner
  • Identify appropriate security metrics. Prepare system security reports by collecting, analyzing, and summarizing data and trends
  • Understand and evaluate business goals, strategies, requirements and initiatives and derive appropriate security requirements
  • Coordinate external Threat Risk Assessments and other key security assessment functions including overseeing required follow-up and remediation of security risks
  • Support Security Awareness training to ensure that users are knowledgeable about security best-practices related to their position and can take appropriate action on that knowledge
  • Executes phishing simulations as part of the Enterprise Security Awareness program
  • Document security configurations, procedures, changes, use and test cases
  • Assist the development teams in automating security testing and compliance monitoring in support of a continuous delivery model

Education

  • Have a natural curiosity in solving problems and advancing the Cybersecurity profession
  • Are interested in keeping up with the latest vulnerabilities and breaches
  • Are motivated to learn and grow via formal and informal training opportunities
  • Are self-motivated, and have great inter-personal skills

While not a requirement for the position, preference may be given to those who have relevant industry certifications including Certified Information Systems Security Professional (CISSP) Certification, Cloud certifications such as CCSP (Cloud Certified Security Professional), CompTIA Security+, and/or Certified Ethical Hacker training.

Qualifications & Skills

  • 3 - 5 years work experience in a security operations or similar role
  • Undergraduate degree or certificate in Information Management, Computer Science, Computer Engineering, Information Security or a related field
  • A very good understanding of operating systems (Windows and Linux) and security controls
  • An understanding of security risk management and working within an Enterprise Risk Management and Compliance Framework, ability to understand security risks, threats, and vulnerabilities and the judgement to assess and articulate security risks effectively
  • Experience working with IT, business and external stakeholders
  • Experience working with a variety of ticketing systems, e.g. Jira
  • Foundational knowledge working within a security framework such as ISO 27001 and NIST (National Institute for Standards and Technology)
  • Experience working with digital health solutions in Canada is beneficial
  • Excellent written and oral communication – bilingual French and English is a bonus!

Our commitment

If you are interested in the position, please submit your resume.

We thank you for your interest in this opportunity at Infoway however, only those applicants who most closely meet the qualifications for this position will be contacted.

Infoway is committed to employing a diverse workforce and is proud to be an equal opportunity employer. Infoway provides reasonable accommodations to employees as well as candidates taking part in the recruitment process, upon request.

View other Infoway websites

PrescribeIT®
View the site
InfoCentral
View the site
Insights
View the site