IT Security Analyst

About The Position

Requirements

• 3+ years’ experience as an IT Security Analyst is an asset
• Experience with maintaining IT security across a multi-location, multi-DC environment
• Experience with vulnerability management and scanning tools, including Qualys and BitSight
• Experience maintaining endpoint protection, network and application firewalls, web proxies, email security and data loss prevention systems, both on premises and in the cloud
• Experience implementing strategies and technology to maintain compliance with IT Security best practice, including ISO27001 and the ASD Essential Eight.
• A two year college diploma in a technology focused program.
• Troubleshooting Windows Server
• Windows Desktop
• Business and functional analysis experience
• Able to cope with conflicting demands and meet deadlines
• Attention to detail with a high level of accuracy
• Remains calm under pressure
• Ability to present new ideas
• Self-motivated and self-managed
• Communicates effectively at all levels, both verbally and written
• Takes personal responsibility for getting things done
• Team player
• Written and spoken English is required

Nice To Haves

• Legal industry knowledge is a strong asset
• Bilingual French is an asset
• Achieved or pursuing ITIL Foundation and AZ-900 certifications
• Relevant security certifications such as Security+, SC-900, Qualys VMDR Specialist, and Qualys Policy Compliance Specialist are an asset

Responsibilities

• Assist the Infrastructure, End User Computing and Applications teams in maintaining a current security posture across all aspects of the IT environment, (hardware, operating system, application, cloud and mobile)
• Work with the global IT Security team to identify risks and vulnerabilities in the Canada region.
• Work with Canada IT to identify gaps in Asset management relating to security applications / controls missing from the endpoint.
• Audit patch deployment processes to resolve root cause of failed installations.
• Lifecycle management; understand end of life dates for in region builds and products, creating visibility and proactive action.
• Proactive use of BitSight to highlight priority vulnerabilities in region.
• Follow up with users who failed phishing simulations.
• Follow up with users who have not attended cyber training ensuring 100% compliance
• Assist the business in documenting IT Security guidelines and policies;
• Assist the business in responding to IT Security questionnaires, audits and client requirements;
• Work with the global IT Security team and regional Learning and Development team to prepare and deliver targeted IT Security training to the business;
• Conduct IT security audits of suppliers, products and services, including coordinating the security aspects of vendor health checks;
• Actively manage and monitor IT security systems;
• Coordinate execution of external penetration tests, analysis of penetration test reports and work with operational teams on implementation of any required actions;
• Work with operational teams and the wider business to ensure principles of password hygiene and least privilege are maintained;
• Adhere to set standards and procedures around change, problem and incident management;
• Be prepared to work after-hours;
• Liaise with other IT teams and employees to resolve issues;
• Comply with the in-house Information Technology procedures and protocols to ensure a high level of service to all users;
• Document all security procedures and guidelines for IT and the user community to ensure adherence to national and global IT standards.

Benefits

• Retirement savings plan with employer contribution
• Benefit premiums paid by the firm
• Telemedicine services
• Flexible health and wellness allowance that covers much more than gym memberships!
• Training and development programs based on your interests and needs