IT Security Analyst

Summary

The GraceKennedy Financial Group seeks to identify an individual looking for an excellent opportunity to progress his/her career; and who possesses the vision and energy to help drive dynamic changes across the group

Responsibilities

• General Responsibilities:

  • • Executes the administration of corporate information security technologies (SIEM, MDM, EDR, etc).
  • • Submit status reports and timely escalate problems/identified risks to IT management.
  • • Ensure that IT security policies and procedures employed by GKFG are used and adhered to.
  • • Participates in the development of the IT department’s security policies, procedures, and resources.
  • • Participate in the acquisition and implementation of new IT security processes/technology.

• IT Security:

  • • Ensure that GKFG computing systems and networks maintain a strong information security posture that safeguards against varying cyber threats and attacks including but not limited to, Trojans, malware, and ransomware.
  • • Ensure the ongoing security monitoring of LANs, WANs, network segments, Internet, and intranet systems.
  • • Complete review of user and server environment, directories, and other security parameters for systems in accordance with standardized procedures.
  • • Support the deployment, maintenance, and administration of all enterprise security systems (on-prem and cloud based) and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
  • • Assist with security planning to achieve business goals by prioritizing defence initiatives and coordinating the evaluation, deployment, and management of current and future security technologies.
  • • Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
  • • Creatively and independently provide resolution to security problems in a cost-effective manner.

• IT Vulnerability Management:

  • • Configure vulnerability scans and ensure appropriate hardening for mission critical technology assets, and core devices to minimize threats on the network and systems.
  • • Oversee vulnerability management procedures in the collecting, assessing, and cataloguing threat indicators, scan reports and remediation log progress. c. Coordinate with technical administrators to apply critical security patches and upgrades within the prescribed schedule.
  • • Conduct research on Common vulnerabilities and exposures (CVE) and Common Vulnerability Scoring System (CVSS), to evaluate the threat level of a vulnerability and risk exposure within GKFG computing environment.

• Incident Management:

  • • Monitors and analyses networks and critical server alert tickets to detect security incidents.
  • • Act as primary contact for incident notification and escalation by internal stakeholders, technology team and Managed Security Provider (MSP).
  • • Serves as an active member of the Cyber Security Incident Response Team (CSIRT) and participates in security incident response efforts by directing first responders to triage an event and performing advanced response actions for escalated events.
  • • Provides technical expertise regarding security-related concepts (as needed) to operational teams within the Information Technology Department and the business.

• Security Assurance/Audits:

  • • Supports technical team members to ensure the timely coordination, scheduling, and execution of security assurance tests.
  • • Perform and provide support for penetration testing of relevant technology focus areas (i.e., local computing environment, servers, network, web-facing applications and infrastructure) along with progression tracking and execution of recommendations.
  • • Provide IT security audit support and ensures control processes are implemented to prevent repeat findings.
  • • Execute routine security baseline self-audits to ensure controls are maintained to minimize unauthorized access to system.

Qualifications

• • University degree in Computer Science/Engineering/Information Security or related area.
• • Must have at least four (4) years’ work experience in a similar role.
• • Possess a general understanding of security technologies, which may include: SIEM, DLP, EDR, WAF, IDS/IPS, MDM, and other security compliance controls.
• • Knowledge in various operating system administration (e.g. AIX, Linux, and Windows servers), physical and virtual environments with specific emphasis on vulnerability management, system hardening, and building security defence solutions.
• • In-depth knowledge of applicable laws and regulations as they relate to cyber security.
• • PENTEST+, SECURITY+, CISSP certifications or equivalent are required; CEH, CHFI, OSCP, SSCP certifications are desirable.
• • Capable of interacting with individuals of differing levels of experience and expertise.
• • Strong analytical, problem solving and decision-making skills.
• • Excellent presentation and communication skills, both written and verbal.
• • Excellent interpersonal, negotiation and mediation skills.
• • High level of initiative and flexibility.
• • Must be highly team oriented.
• • Strong analytical ability with well-developed planning, decision-making and coordinating skills.
• • Must be highly motivated, responsible, possess initiative and have above average problem determination skills.

Share This Job