SENIOR INFORMATION SECURITY ANALYST (HYBRID)

WHO WE ARE
When it comes to health, we’re always looking for ways to push for better. It’s why we were founded in the first place. In 1957, our founder, pharmacist William Wilkinson, witnessed a mother sacrifice her health by forgoing her own medicine to pay for her sick daughter’s prescription. He knew there had to be a better way. So, he introduced North America’s first prepaid drug plan, and GreenShield was born as a not-for-profit with a mission to support better health for all Canadians.

We aren’t just a health and benefits company. We’re the only not-for-profit social enterprise that brings worlds of coverage and care together, all in one place.
We’re noble challengers, purposefully building a better way, and we need the best people to help us create a more holistic approach that takes care of the mind and body.

Our mission is to create better health for all Canadians, and we know that starts with our employees.

THE ROLE IN A NUTSHELL

• Manages the enforcement of corporate, regulatory, and risk management policies and assists in developing, maintaining, and publishing corporate information security standards, procedures, and guidelines for enterprise and cloud computing platforms.
• Provides subject matter expertise to departments on issues of Information Security, including technical guidance.
• Creates and maintains logical security reporting that facilitates logical security monitoring. Provides guidance to user security administrators responsible for specific application security.
• Designs, implements, and maintains robust security measures to safeguard cloud environments in Microsoft Azure Cloud, Google Cloud Platform (GCP), and Amazon Web Services (AWS).
• Performs technical lead functions for security projects, applications, and systems, and manages and investigates local security incidents. Implements upgrades, repairs, modifications, and replacements of information security devices or software.
• Plans and implements security and integrity controls over applications including Microsoft and Google Cloud Platform.
• Provisions access to internally developed and cloud-based applications through the enterprise IAM tool, enforcing enterprise ITSM practices.
• Analyzes SOC-related alerts and owns the relationship with the SOCaaS Provider.
• Analyzes application security needs based on the sensitivity or proprietary nature of the data, ensuring all systems are used for management-approved purposes only.
• Provides technical expertise and guides the administration of security tools that control and monitor information security.
• Supports disaster recovery activities to recover critical services in the event of a declared disaster, providing direction and in-house consulting in these areas.
• Researches, evaluates, designs, tests, recommends, and plans implementation of new or improved information security software or devices.
• Participates in audit reviews for organizational compliance, including artifact gathering and deficiency remediation.
• Trains information owners and officers in implementing necessary computer security controls or new/upgraded security software and devices. Develops and implements information security educational programs, conducting awareness seminars and workshops as appropriate.
• Provides mentorship and support to other security team members.

WHO WE'RE LOOKING FOR

• Bachelor’s degree in Computer Science, Engineering, or related discipline.
• This role will have exposure to Protected B data as per Public Service and Procurement Canada requirements. The successful candidate must acquire and maintain Reliability Status to be eligible for this position.
• 8 or more years in IT Security.
• Solid multi-platform knowledge including operational and security considerations. Experience in UNIX, Windows, Linux, and network security environments including firewalls, intrusion detection, incident response, IAM, PAM, SOC, vulnerability testing, OS hardening, regulatory compliance, and data classification. Knowledge of SIEM and EDR/XDR platforms.
• Highly desirable certifications include CCSK, CCSP, CISSP, CSSLP, SSCP, CEH, Google, Microsoft Azure, M365, Security, Nessus, Tenable.io, SC-300, SC-200, SC-400, SC-900, and SC-100.
• Google Cloud Security Analyst certification is mandatory.
• Demonstrated strategic thinking, relationship management, and successful technology implementation skills.
• Ability to analyze technical and business risks and recommend security controls or corrective actions.
• Deep knowledge of security tools including firewalls, IDS, IPS, SIEM, IAM, PAM, and their management.
• Experience with Saviynt, BeyondTrust Bomgar, Azure Sentinel, Microsoft Defender, and Google Security Command Center is an asset.
• Experience with security solutions for transactional websites and penetration testing is an asset.
• Self-starter with minimal supervision, strong analytical and problem-solving skills, and excellent communication skills.
• Strong team-oriented interpersonal skills and ability to interface effectively with various stakeholders.

THE CULTURE

We believe a career should be meaningful, not just a means to earn a living. Our culture values every voice, challenges the status quo, and empowers employees to be their best. We foster an inclusive environment that enhances our organization and supports our communities. A career at GreenShield is about making a difference together.

A FEW MORE DETAILS

Proficiency in English is required. We support diversity, equity, and inclusion and encourage applications from all candidates. Accommodations are available upon request at requestforaccommodation@greenshield.ca. Your information will be kept confidential and used solely for the purpose of assessing your suitability for this role or future opportunities.