IT & Cyber Security Specialist

About The Position

Requirements

• Bachelor’s degree in: Information Technology; Computer Science; Cyber Security; Data Science; Information Systems; Network Administration; Digital Forensics; or a related field.
• Minimum two (2) years of recent related experience in information technology, cyber security operations, systems administration, network administration, infrastructure support, or information security environments.
• Knowledge of cyber security principles, threat mitigation practices, and information protection standards.
• Knowledge of network infrastructure, systems administration, cloud technologies, and enterprise technology environments.
• Ability to assess technology risks and recommend operational safeguards.
• Ability to maintain confidentiality and manage sensitive organizational information.
• Ability to coordinate multiple priorities in a dynamic operational environment.
• Ability to prepare technical documentation, reports, and operational procedures.
• Ability to communicate technical concepts effectively to non-technical users.
• Ability to exercise sound judgment and discretion in technology and security-related matters.
• Strong analytical, troubleshooting, and problem-solving skills.

Nice To Haves

• ITIL Fundamentals v4
• Security for MS SharePoint
• MS Dynamics and Office 365 suite
• Azure
• Power Platform
• MS Power Automate
• PowerShell Scripting & Automation
• Data Integration
• System Process Mapping
• Network+ or equivalent infrastructure certifications
• Experience supporting cloud platforms, enterprise systems, security monitoring tools, endpoint protection platforms, or network infrastructure is preferred.
• Equivalent combinations of education, training, certifications, and experience may be considered.

Responsibilities

• Maintain all data points within all systems across the organization.
• Restrict and allow access to critical and confidential data within all systems across the organization.
• Implement and monitor security controls to prevent unauthorized access, modification or corruption of confidential organizational data.
• Create and maintain Conditional Access policies to restrict user access to confidential information.
• Ensure that confidential information is safely stored, encrypted, and protected from unauthorized access by users or applications.
• Develop and implement comprehensive cybersecurity policies, standards, and operational protocols to protect organizational data and digital assets.
• Conduct regular risk assessments, vulnerability scans, and system audits to identify potential security gaps and recommend remediation strategies.
• Lead the development of business continuity and disaster recovery plans, specifically focusing on data integrity and system availability during security incidents.
• Ensure organizational compliance with federal and provincial privacy laws (such as BC PIPA or FIPPA) and international security frameworks.
• Design, configure, and administer advanced security safeguards, including the current Sophos security infrastructure for the network perimeter, LAN, servers, and workstations.
• Manage Enterprise Identity and Access Management (IAM) protocols, including Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control to ensure the principle of least privilege.
• Implement and maintain encryption standards for data at rest and data in transit across all organizational platforms and communication channels.
• Monitor system logs and network traffic using Sophos Central, MS Entra logs, and interfaces for all the different network devices to detect, analyze, and respond to unauthorized access or malicious activity.
• Lead incident response activities, including the investigation, containment, and eradication of security threats, followed by detailed post-incident forensic reporting.
• Research and stay current on emerging cyber threats, vulnerabilities, and industry trends to proactively harden the organization’s security posture.
• Coordinate with external cybersecurity partners, to perform regular external network penetration tests, and vulnerability assessments.
• Access organizational data in relation to threats, ensuring integrity of data.
• Provide technical guidance on the security implications of new hardware, software, and cloud integrations during the procurement and planning phases.
• Develop and deliver cybersecurity awareness training for staff, focusing on phishing defense, social engineering, and secure data handling practices.
• Oversee secure lifecycle management for all IT assets, ensuring that security patching and firmware updates are prioritized to mitigate known exploits.
• Work with the Information Systems Manager to develop, implement and maintain: cyber security operations, information protection practices, Information access and security, systems administration, access management, operational technology risk, infrastructure reliability, technology continuity, confidential information management, implementation of organizational security controls, prioritization of cyber security responses and remediation activities.
• Exercise a significant amount of independent decision making in relation to the management and use of critical and confidential organizational data and information.
• Access all critical and confidential organizational, personnel, operational, technological, and security-related information and participates in matters involving organizational security governance and risk management related to this information.

Benefits

• Annual salary of $63,700 (An hourly rate of $35.00)