Information Security Analyst

About The Position

Requirements

• College or University level education or equivalent level of experience in the industry.
• Completion of a Security related certification is mandatory and considered an asset (CISSP, CISA, GIAC, etc.).
• Minimum 3 years’ experience in a technical security consultant or analyst role.
• Demonstrates expert knowledge of network security control environments and architecture, including, system administration, intrusion detection, network architecture, enterprise threat management, perimeter controls.
• Knowledge of network security controls, appliances, including next generation perimeter security controls and web application firewalls.
• Systems administration experience, in Networks and Windows is considered a strong asset.
• Knowledge of traditional and cloud Architecture, experience of AWS or other public and private cloud technologies a plus.
• Ability to work independently with minimal supervision.
• Strong verbal and written communication skills are essential.
• Ability to work effectively and collaboratively with internal staff, external partners and stakeholders.
• Demonstrates solid analysis skills.
• Displays high ethics and trust values.

Nice To Haves

• Systems administration experience, in Networks and Windows is considered a strong asset
• Knowledge of traditional and cloud Architecture, experience of AWS or other public and private cloud technologies a plus

Responsibilities

• Support security operations by analyzing event data from multiple sources to detect unusual activities and swiftly address any security breaches or incidents. Carry out root cause analyses and implement necessary corrective measures.
• Evaluate and analyze vulnerability management reports, coordinating remediation efforts with relevant teams.
• Help maintain auditing programs to ensure compliance with Information Security policies.
• Update the risk register by conducting risk and impact assessments related to information security; collaborate with stakeholders and management to communicate risks and remediation actions.
• Oversee system security administration for designated technology platforms, which include operating systems, applications, and security systems.
• Manage the Security Exception Process to assist Security teams in tracking exceptions, managing approvals, and enhancing automation.
• Develop and implement security policies, procedures, and protocols to safeguard the organization’s data and network infrastructures.
• Aid in Information System audit and compliance efforts.
• Conduct research and report on various technologies and current attack trends.
• Compile security operations metrics and provide updates to management team.
• Identify opportunities for process improvements or efficiency gains, which may involve creating tools, workflows, or playbooks to automate routine tasks for better security effectiveness.
• Assist the team in maintaining up-to-date documentation and drafting new procedures as necessary.
• Lead Bayshore’s Information Security & Privacy Awareness program.
• Engage in small to medium-sized projects to integrate information security and privacy requirements for proactive information protection.
• Coordinate web assessments and penetration testing with external vendors, followed by remediation efforts.
• Complete additional security-related tasks as assigned.
• Act as a backup for the Information Security Officer.
• Be available for overtime work outside regular business hours or on weekends when needed.