IT Security Analyst

Join to apply for the IT Security Analyst role at The Royal Conservatory of Music

Join to apply for the IT Security Analyst role at The Royal Conservatory of Music

The Royal Conservatory of Music provided pay range

This range is provided by The Royal Conservatory of Music. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

CA$75,000.00 / yr - CA$85,000.00 / yr

The Royal Conservatory (RCM) is one of the largest and most respected music education institutions in the world, providing the definitive standard of excellence in curriculum design, assessment, performance training, and teacher certification. It is also a leader in the development of early childhood education programs and arts-based social programs, and presents a diverse range of concerts featuring the finest Canadian and international artists in its magnificent performance space, Koerner Hall. Please visit www.rcmusic.com for more information.

About the Opportunity

The IT Security Analyst plays a key role in strengthening the security posture of the Royal Conservatory of Music (RCM) by proactively implementing and managing security technologies. This role is responsible for monitoring the computing environment, analyzing and responding to cyber threats, and supporting vulnerability management efforts. It includes developing and maintaining scripts to streamline incident response and security analysis.

The Analyst ensures the secure operation of infrastructure and networks, identifies requirements for new security tools, and defines use cases to enhance security monitoring capabilities. Additionally, the role supports and maintains RCM’s compliance with PCI standards and manages responsibilities related to PIPEDA privacy compliance.

Main Duties & Responsibilities

Threat and Vulnerability Management and SecOps

• Responsible for analyzing our current IT ecosystem for areas of improvement, attack vectors, and potential risks, including the thorough documentation of all failure points.
• Proactively monitor the network for potential risks, security breaches and threats, investigating violations as needed, leveraging XDR / Enterprise Immune System capabilities
• Maintain a good operational security posture through incident management and responsiveness, vulnerability management and assessment, system patching, backup, access provisioning, upgrade planning, and policy configuration.
• Monitor email traffic for security threats, spam, and phishing attempts, implementing necessary countermeasures.
• Monitor IDS / IPS solutions, ensuring real-time detection and prevention of security threats
• Investigate and respond to endpoint security incidents, coordinating with other IT, business teams, and staff as necessary.
• Perform other duties related to the role as required.
• Administer and secure cloud environments, including Azure, Intune and AWS platforms.
• Implement cloud security best practices, including data encryption, access controls, and network security.
• Audit cloud environments for security compliance and risk management.
• Develop and enforce IAM policies, ensuring proper user authentication, authorization, and access control.
• Implement and manage SSO solutions, ensuring seamless and secure user access to multiple applications.
• Regularly review and audit access controls, ensuring compliance with security policies and regulatory requirements.
• Implement and manage DLP solutions to prevent unauthorized access and exfiltration of sensitive data.
• Prepare for and participate in security audits, providing necessary documentation and support when needed.

Security Operations

• Be responsible for the administration of the following : Active Directory (AD Connect, GPO implementation, etc.); Windows Server (DHCP, DNS); VMware (VM setup, monitoring, etc.); and SSL setup and configuration (new, renewals, wildcard)
• Ensure that PCs, servers, and other devices are patched in a timely fashion and contain up-to-date software.
• Ensure all endpoints are encrypted and MFA protected.
• Develop and support organizational security standards, best practices, preventative measures, and disaster recovery plans, especially SOC2.
• Performing risk assessments on projects from a technical security perspective to ensure that the security safeguards and controls are in line with RCM’s Security policy and standards.
• Stay updated on the latest cybersecurity trends and technologies, recommending enhancements to the existing security posture.
• Assist with maintaining organization-wide cybersecurity policy and governance.

What We're Looking For

• A University degree in computer science or related discipline, or combination of skills and experience – five (5) years of progressive security experience is required.
• Proficient in security operations and threat hunting, including assessing systems for risk, investigating security threats and implementing current IT-industry security standards.
• Strong knowledge of Windows and Linux operating systems.
• Strong understanding of security incident management, malware management, and vulnerability management processes.
• Ability to oversee penetration testing provided by third parties.
• Ability to perform vulnerability assessments on various systems, taking remedial action as needed.
• Knowledge of common scripting languages like Shell and PowerShell.
• Familiarity with PCI Data Security Standards and SOC2.
• Familiarity with PIPEDA and any other Canadian privacy regulations.
• Self-starter, works independently, and adjusts to changing priorities, a critical and strategic thinker, negotiator, and consensus builder.
• Proficiency in creating reports, presentations, architecture, workflow diagrams, and documentation.
• Strong verbal and written communication skills, including the ability to communicate and interact effectively with technical professionals as well as non-technical individuals.
• Strong customer service orientation, with a demonstrated ability to listen and understand and to establish and maintain effective relationships with users.

Experience with the following technologies is a must :

• Microsoft 365 (Security and Purview)
• Microsoft Windows Servers, Windows 11 and Ubuntu
• Microsoft DLP
• Active Directories - DNS, DHCP and GPO
• Cloudflare
• Firewalls, preferably Palo Alto

Experience with the following technologies is an asset :

• Qualys VMDR and WAS
• Sophos XDR and Email gateway
• Wazuh SEIM solution or similar
• Zoho / Managed Engine Endpoint Central

Certification Requirements :

• CCNA
• CEH or CompTIA Pentest+
• Microsoft Security Operations Analyst Associate (SC-200) or higher.
• Microsoft Azure Security Engineer Associate is an asset.
• AWS Certified Security – Specialty is an asset.
• CISSP or CCSP is an asset.

Salary Range

• 75,000 – 85,000 per annum

Additional Information

• Hybrid work arrangement, working at the office at least 2 days a week or as required / requested, inclusive of all staff Community Days.
• Regular office hours, though occasionally additional hours will be required.
• Works with confidential issues and data.
• A criminal records check is required for this position.
• Requires participation in meetings, conference calls and in-office work as needed.

How to Apply

Interested candidates are asked to submit a cover letter and current résumé online (please upload a single file combining both documents) at https : / / www.rcmusic.com / about-us / careers-royal-conservatory . Applications will be accepted until a suitable candidate has been identified.

The RCM thanks all applicants for their interest in this position; however, only those selected for an interview will be contacted.

The RCM is committed to fostering an inclusive, equitable and accessible workplace. In accordance with the Ontario Human Rights Code, the Accessibility for Ontarians with Disabilities Act, 2005, and the RCM’s Anti-Racism, Access and Equity Policy, accommodation will be provided at any stage of in the recruitment and selection process. Applicants are asked to make their accommodation needs known when they have been contacted for an interview.

Seniority level

Seniority level

Associate

Employment type

Employment type

Full-time

Job function

Job function

Information Technology, General Business, and Other

Technology, Information and Media, Computer and Network Security, and IT System Operations and Maintenance

Referrals increase your chances of interviewing at The Royal Conservatory of Music by 2x

Get notified about new Information Technology Security Analyst jobs in Toronto, Ontario, Canada .

Senior Support Specialist, IT Security Solutions

Senior Manager, IT - Infrastructure Security & Data Protection

Senior Manager, IT - Infrastructure Security & Data Protection

Security Analyst – Project REACH - Temporary Full-Time 2025-13849 (2025-13849)

Information Security Analyst, Data Loss Prevention

Cyber Controls Assurance Analyst (Global Security)

Governance Risk and Compliance Security Analyst

Scarborough, Ontario, Canada 2 months ago

Business Systems Analyst (Cyber Security) - (Hybrid - Toronto)

Senior Information Security Analyst (Data Loss Prevention)

Global Security Intelligence & Travel Risk Analyst

Bilingual GSOC Analyst, Physical Security (English and French)

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

J-18808-Ljbffr

It Security Analyst • Toronto, ON, Canada