Information Security Analyst
About The Position
Thinking about a change? We recognize that the construction industry is changing at a rapid pace and we continually strive to be at the forefront. Our core values empower people to deliver great careers to one another and develop creative solutions for complex problems on some of the most exciting projects. It doesn’t matter what your expertise and craft is – there are no boundaries. We are a group of professionals with a variety of expertise within pre-construction, construction, and post-construction. To learn more, check out our Cradle to Grave services and hear from our team directly about what a career at EllisDon could look like for you. As you can see, we are a diverse bunch. Above all, we are a group of individuals with unique experiences and at EllisDon, we choose to celebrate the strength in our differences, every day. EllisDon’s commitment to Inclusive Diversity is to work together to create an environment where every employee feels safe to be their true and authentic self. Ultimately, EllisDon’s purpose is to provide people with similar values the opportunity to achieve to their full potential; to deliver that opportunity for great careers to one another; and to contribute meaningfully to the community we share with others. In case you’re curious, here’s what the industry thinks of us and some of the impacts we've made to the communities we work in and our latest Impact Report, highlighting how we're putting our values into practice in areas such as the climate & environment, inclusive diversity, indigenous relations, and health and safety.
Requirements
- Strong interpersonal, oral, and written communication skills
- Post-secondary education in IT, Information/Cyber Security, or relevant experience
- Experience in Information/Cyber Security, GRC, or Risk Management
- Hands-on experience supporting risk assessments, audits, compliance, or vendor reviews
- Strong analytical and technical problem-solving skills
- Ability to work independently, self-start, and quickly learn new tools and systems
- Working knowledge of NIST Cybersecurity Frameworks
- Familiarity with industry standards (CIS, SOC2 Type II, ISO) and CMMC / CPCSC or similar frameworks
Nice To Haves
- Industry certifications (e.g., CISSP, CEH, CISA, Security+) considered an asset
Responsibilities
- Conduct IT audits, collect and validate evidence to support GRC program and audit readiness
- Support identification, assessment, and tracking of IT/cyber risks; maintain the enterprise risk register and remediation lifecycle
- Perform risk assessments for systems, projects, and vendors; support ongoing third-party compliance activities
- Contribute to GRC program operations (policies, standards, procedures, exception tracking, evidence workflows)
- Support remediation of risks, control gaps, and audit findings across teams
- Partner with IT (Service Delivery, Operations, DevOps) to enable secure system and solution implementation
- Support security awareness program, including training, reporting, and modern threat simulations (phishing, social engineering, AI-driven attacks)
- Support compliance across SOC 2, NIST, ISO 27001, and CMMC / CPCSC / ITSP, ensuring consistent control implementation
- Contribute to key GRC initiatives, including risk maturity, audit readiness, vendor compliance, and standardization of security requirements across the organization
Benefits
- continuous learning
- opportunity for growth
- competitive compensation package
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
Associate degree
