Security and Compliance is the name of your game and you play to win. Inside and out, you're all about protection and continuous improvement. You understand that at the core of security is the need to maintain the confidentiality, integrity, and availability of information, and that means implementing the right protective measures. From administering the employee security education and awareness program to checking PCI requirements, you’ve got it covered.
WHAT MOVES YOU
- You’re a comfortable and confident communicator, highly skilled in researching and interviewing, and able to adjust your approach depending on your audience. You know what questions to ask and what to look for when problems arise.
- You have the words, “Document everything!” tattooed on your forearm. (Okay, you probably don’t but you know you’ve thought about it!)
- You manage your time as expertly as you manage your projects — prioritizing, planning and organizing are part of your DNA.
- You excel at client relations, able to build and maintain effective relationships with management, business partners, regulators, customers, and team members.
- You are a lifelong learner; you know that growing your cybersecurity skillset and remaining up to date on industry trends, given the ever-evolving security landscape, is imperative to professional success.
- You’re the complete package: you have strong judgment, planning, analytical and problem-solving skills, and the ability to influence decision-makers, and we like that about you.
WHAT YOU'LL DO
- Reporting to the Senior Manager, IT Security and Compliance, you’ll be supporting the team with your expert knowledge on all things compliance.
- Participate in the development and documentation of security policies, standards, and procedures for protecting the organization. Recommend enhancements to management as needed.
- Provide analysis and recommendations on compliance with internal and external policies, standards, controls, and regulations.
- Coordinate the enterprise-wide role-based information security awareness and training program.
- Assist in the coordination, facilitation, and consolidation of internal and external audits and related remediation efforts.
- Perform threat and security risk assessments of both third-party and internal applications.
- Support and assist in the maintenance of the vulnerability management program.
- Research and maintain an awareness of emerging or escalating security risks.
- Assist with and actively participate in incident response activities to minimize the impact to the organization.
- Produce detailed incident reports and technical briefs for management, administrators, and end-users.
WHAT YOU'VE DONE
- You have a post-secondary degree or diploma in an appropriate field like Information Technology, Information Security or Computer Science.
- You have a minimum of 3-4 years of progressive experience in the IT Security industry.
- You have demonstrated knowledge and understanding of Information Security concepts.
- You’ll get bonus points if you have security certifications such as CISM, CRISC, PCI ISA, ITIL, and/or COBIT.
- You have demonstrated knowledge and understanding of IT Security regulations and frameworks such as NIST CSF, NIST 800-53, PCI DSS, OSFI.
- You have strong writing and presentation skills, for both technical and business issues.
WHAT YOU'LL GET
- Outstanding employer-paid Retirement Savings Program.
- Great AMA discounts.
- Unlimited learning opportunities.
- Paid Vacation and other paid time off including a Volunteer Day and Me-Day.
We thank all applicants for their interest; however, only those selected for an interview will be contacted.