Lead Analyst – IT Security Risk & Compliance (Application Security)

University of Ottawa•Lexington, MA

7d•Hybrid

About The Position

Information Technology is a dynamic and collaborative environment. We are focused on prioritizing and optimizing technological investments that facilitate the best student experience, as well as the activities of faculty, researchers and staff. Our greatest strength are the people working with us. People like you, professionals eager to flex their intellectual muscle and achieve new heights in their career. Working here gives you access to a great IT environment, rich with a diverse range of platforms, products, and services. This is a place where innovative ideas are welcome. In a nutshell: working here is challenging and rewarding. It’ll bring out the best of you. We want people that have the drive to advance IT in higher education. We have the technologies to keep your inner fires burning, and benefits that can help you sustain a better lifestyle. And all this minutes away from gyms, the Byward Market, downtown, and the Rideau Canal at lunch time for runners and skaters. Position Purpose Reporting to the Senior Manager, IT Security, the incumbent directs the design, development, implementation, integration, testing, and ongoing management of application security across all University systems. This includes mission-critical applications such as Oracle PeopleSoft, containerized environments (Kubernetes), cloud platforms (Microsoft Azure), and application delivery systems (F5). The incumbent works with minimal supervision and acts as a subject matter expert in application security, ensuring secure development practices and compliance with industry standards. The role also provides security education to the University community and leads monitoring, investigation, and resolution of application-related security issues.

Requirements

University degree in Computer Science or Information Technology or a related field or an equivalent combination of education and experience.
Minimum of 7 years’ experience in design, development, implementation and management of applications/systems related to Information Security in a complex and diverse IT environment.
Proven experience designing and securing large-scale enterprise applications in a multi-platform environment, including Oracle PeopleSoft, Kubernetes, F5 BIG-IP, and Microsoft Azure.
Advanced knowledge of application security principles, secure SDLC, and DevSecOps practices.
Strong expertise in ERP security (PeopleSoft), container security (Kubernetes), and cloud-native security (Azure).
Experience with security technologies such as SIEM platforms (Splunk is an asset), vulnerability scanners, penetration testing frameworks, and application firewalls.
Proficiency in programming and scripting languages for automation and security integration within CI/CD pipelines.
Leadership skills with the ability to coach, mentor, and influence development and operations teams on secure practices.
In-depth analytical skills for complex problem solving, including threat modeling and risk assessment.
Excellent communication skills to interact with technical and non-technical stakeholders and provide expert guidance.
Ability to work a flexible schedule, including occasional weekends and evenings.
Bilingual: French and English (spoken and written).

Nice To Haves

Knowledge of the University’s IT and security policies, procedures, and standards is an asset.
Experience managing security projects and meeting strict deadlines.
Professional certifications such as CISSP, CSSLP, or cloud security certifications (Azure Security Engineer) are preferred.

Responsibilities

Application Security Planning, Design and Deployment: Develop plans and approaches to designing and configuring security system requirements for University enterprise systems. Responsible for establishing and/or implementing frameworks and templates to standardize information security solutions and application integration activities.
Application Security Administration and Platforms: Assess security configuration, lead system security administration and recommend process improvements on select University enterprise Systems. Lead the implementation, operationalization, customization, configuration, programming, testing, and maintenance of complex security platforms/solutions using multiple technologies.
Development: Develop program code/scripts according to technical standards and security policies. Build/develop use cases for Security Operations Centre. Responsible for ensuring all code is properly versioned, maintained and reviewed within enterprise code repositories and SDLC practices.
Problem Resolution: Analyze operational/complex problems and implement solutions to resolve these problems. Communicate with vendors’ technical representatives to resolve complex problems by providing detailed information and following up with documentation. Investigate and analyze security incidents, risks and breaches to security policy/procedures. Conduct and document root cause analysis. Participate in the design of solutions to IT Security problems.
Knowledge and Enforcement: Maintain a solid working knowledge of Information Security principles and practices. Conduct research of the current trends of information security and event monitoring and keep up-to-date with issues and technologies. Participate in knowledge sharing with other team members to advance the security monitoring program. Enforce IT security policies, procedures and specific security standards that govern various level of security.

Benefits

The University of Ottawa offers a generous pay and benefits package that includes a competitive salary, a defined benefit pension plan, group insurance coverage and an employee and family assistance program.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume