Job Summary:Under the general direction of the Director of Information Technology and working hand on hand with the Cybersecurity Lead, the successful applicant will play a vital role in safeguarding the organization's digital assets and protecting sensitive information from unauthorized access, threats, and vulnerabilities.
Job duties and responsibilities:- Operate and support core security controls, including vulnerability management, secure configuration, patching, and remediation tracking.
- Collaborate with IT and engineering teams to provide security best-practice guidance and support secure system design.
- Participate in security monitoring, incident investigation, and response, including root cause analysis and coordination with SOC partners.
- Support email security, phishing, and user security awareness initiatives, including analysis and containment of reported threats.
- Support data security and privacy controls, including encryption, DLP, access governance, and business continuity/disaster recovery readiness.
- Maintain and improve security processes, documentation, and automation, leveraging scripting where appropriate.
- Assist with internal security assessments, third-party risk activities, and remediation tracking.
- Support identity, access, and privilege management, including RBAC, MFA, PAM, and least-privilege enforcement.
- Assist in securing cloud and infrastructure environments (AWS) in alignment with industry frameworks such as NIST and CIS.
- Monitor emerging threats and security advisories and take appropriate action to reduce risk.
- Support coordination with third-party cybersecurity service providers, including threat monitoring and cyber insurance partners.
Job requirements and qualifications:- Post-secondary degree or diploma in Information Technology from an accredited institution
- 5 years of progressive experience in Cybersecurity and Information Security roles
- Relevant certifications such as CEH/Security+, AWS Certified Security - Specialty, GCSA
- Nice to have certifications such as CISSP/CISM, CISA, GIAC
- Hands-on experience in conducting Threat Risk Assessments, Vulnerability Assessments, Penetration Testing, Incident Response
- Deep experience in the application and management of frameworks like NIST, ISO 27001, SANS 20
- Proven leadership and collaboration skills, and ability to communicate complex concepts at all levels
- Hands-on experience in the implementation and management of technologies and processes used to safeguard information assets
