Security Analyst (14 month Term)

About The Position

Requirements

• Post-secondary education in Computer Science, Information Systems or related field, or equivalent work experience.
• Minimum of three (3) years of experience in an information security or information risk management capacity.
• Experience in the field of Information Security, including cryptographic controls, authentication, security policies and practices, security reviews and vulnerability assessments, and threat and risk assessments.
• Ability to work outside of regular working hours based on operational requirements.
• Ability to participate in on-call rotation.
• Government of Canada Reliability Clearance or eligibility to obtain.
• Ability to work in person at the Payments Canada Ottawa office as needed.
• Knowledge of cryptographic, authentication, and access controls for network, database, application, and operating systems.
• Knowledge of industry security standards, laws, and regulations including PIPEDA, NIST/CSE, and CICA Evaluation standards.
• Experience in the use of ISO 27001 control framework and the software development and maintenance process.
• Energetic, self-motivated, quick-learner and able to assume responsibility with minimal supervision.
• High degree of initiative and flexibility.
• Strong communication and organizational skills.
• Strong relationship management skills.
• Strong interpersonal and teamwork skills

Nice To Haves

• Bilingualism (English and French) is considered an asset.
• Industry certification (CISSP, CISA, PSP, ISO 27001) is considered an asset.

Responsibilities

• Develop, deliver and maintain the Payments Canada Information Security Awareness Programs, which includes: developing bulletins, alerts, and awareness material to advise Payments Canada employees of their role and responsibility for information security; developing and delivering security training.
• Ensure Information Security Awareness compliance requirements for Payments Canada are met.
• Develop, deliver and maintain security awareness material relevant to new and ongoing security threats affecting Payments Canada, including its assets, infrastructure, personnel resources and members.
• Mitigate insider threat risk through security awareness and education, including role-based training based on threats, privileged users and other targeted user groups.
• Implementation and operating of Payments Canada personnel security and screening program, including: requirements dissemination, compliance audits, operational support (check/clearance processing and validation), stakeholder support (internal and contractor), service provider liaising and insider threat analysis/mitigation.
• Engagement with the Government of Canada Industry Security Program as a service provider in support of the Clearance program and operational requirements.
• Conducting comprehensive risk assessments as part of the personnel screening process to identify and mitigate potential security vulnerabilities.
• Participate in project teams by performing the information security functions of assigned projects, provide advisory services to internal and external stakeholders for the implementations of security requirements, and attend project meetings.
• Assist in the maintenance of Payments Canada’s Information Security policies, standards and procedures, and maintain related documentation.
• Perform and/or coordinate information security audits for the Information Security. Management Program, develop associated reports and findings, and participate in third party audits.
• Protect and safeguard sensitive information.
• Categorize systems based on pre-established criteria.
• Assign impact levels to the systems and to the information stored in and processed by those systems (classification of assets).
• Select and implement appropriate security controls, and test for effectiveness.
• Respond appropriately when security breaches are discovered.
• Attend various meetings (e.g. daily problem change control meetings, project meetings) as a representative of the Security team.
• Communicate and collaborate with employees of other Payments Canada divisions as well as Payments Canada members and user groups (such as security officers and special interest groups) to provide information, advice and solutions on various information security and risk management issues (e.g. access, security events and incidents, policies, procedures, vulnerabilities etc.)
• The incumbent can expect to spend approximately 5 days annually attending courses and seminars, webinars, following in-house self-study courses, and pursuing technical reading and research in order to maintain the skills required in the performance of the duties associated with this position.
• Remain current with security trends, threats and vulnerabilities, mitigation practices, and new products.

Benefits

• Flexible, hybrid (remote/office) environment.
• Competitive compensation package, including annual variable bonus and defined contribution pension plan with employer matching percentage (if eligible).
• Comprehensive health and dental benefit coverage, including mental health coverage, life insurance and a health spending account for you and your dependents (Permanent and temporary employees with contracts 12 months and over).
• Paid time off: minimum four weeks paid vacation, sick and personal days, December holiday shutdown and cultural holiday observance days.
• 26 weeks of paid maternity and parental leave top-up (if eligible)
• Rewards and recognition program.
• Access to office gym facilities.
• Internal and external professional development opportunities.
• Fun team and organizational events.
• Monthly all staff forums led by our Executive Leadership Team.