$80K — $100K *
About the role
Reporting directly to the Senior Manager, IT Risk & Compliance Governance, the Information Security Analyst is responsible for ensuring the security and compliance throughout eStruxture enterprise, ensuring consistent and effective information security practices, policies and procedures, while providing guidance, direction and development of information security related initiatives. The incumbent of this position must be a motivated self-starter who is information security-obsessed and results-oriented, possessing the skills and flexibility necessary to build solid relationships with internal customers and operational counterparts
Maintain information security posture at eStruxture (60%)
Safeguards information system assets by identifying and solving potential vulnerabilities and actual security problems.
Recognizes problems by identifying abnormalities, reporting violations.
Implements security improvements by assessing current situation; evaluating trends; anticipating requirements.
Developing and implementing a comprehensive plan to secure our computing network.
Monitoring network usage to ensure compliance with security policies.
Performing penetration tests to find any flaws.
Monitoring and maintaining network security servers and performing upgrades.
Performing system/network administration tasks and ensuring network security.
Remaining informed of organizational strategies, initiatives and policies and communicating information security guidelines, best practices, or procedural changes to impacted parties with a focus on information security legislation. Ensure monitoring oversight of information security within eStruxture locations
Protects system by defining access privileges, control structures, and resources.
Upgrades system by implementing and maintaining security controls.
Develop, analyze, document, and validate information security requirements and/or specifications for new initiatives, processes, or enhancements/upgrades to existing systems to support core compliance and security requirements.
Support the development and delivery information security documentation (customer inquiries, RFIs, business requirements (compliance, security, functional, and non-functional), business process issues and risks (ensuring that necessary certification and audit controls are addressed). Investigate and recommend solutions using sound business judgment.
Keeping up to date with developments in IT security standards and threats
Accountable for managing the information security evidence, meetings, and walkthroughs of the SOC 2, PCI DSS, and ISO 27001 annual audits.
Support the timely remediation of Information security audit findings.
Securitu Collaboration 10%
Support and collaborate with Physical Security Manager on security related incidents
Coordinate the documentation, recommendations, and implementation of corrective security measures.
Collaborating with management and the IT department to improve security.
Educating colleagues about security software and best practices for information security.
Maintains technical knowledge by attending educational workshops, reviewing publications.
Contributes to team effort by accomplishing related results as needed.
An intermediate level, along with demonstrated extensive experience at team lead level in a similar environment, or a strong background in compliance, or related fields.
minimum 4-year related network/information security/operations experience.
Specialised knowledge and experience in the operational aspects of information security management controls and implementation of policies relating to these areas.
Bachelor’s degree in Computer Science, Information Systems, or equivalent education or work experience
Advanced certifications such as SANS GIAC/GCIA/GCIH, CISSP or CASP and/or SIEM-specific training and certification
Hold DoD-8570 IAT Level 2 baseline certification (Security+ CE or equivalent) at start date
Advanced understanding of TCP/IP, common networking ports and protocols, traffic flow, system administration, OSI model, defense-in-depth, and common security elements.
Hands-on experience analyzing high volumes of logs, network data (e.g., Netflow, FPC), and other attack artifacts in support of incident investigations
Experience with vulnerability scanning solutions
Proficiency with any of the following: Anti-Virus, HIPS, ID/PS, Full Packet Capture, Host-Based Forensics, Network Forensics, and RSA Security
In-depth knowledge of architecture, engineering, and operations of enterprise SIEM platform(s).
Experience developing and deploying signatures
Understanding of mobile technology and OS (i.e. Android, iOS, Windows), VMware technology, and Unix and basic Unix commands.
Extensive information security experience including governance.
Proficiency in French/English
Valid through: 12/8/2021