Sr. IT Security Analyst

Start Date ASAP

PositionPermanent

Hybrid Work Environment (3 days in office, 2 days remote with flexible hours)

Dress Code Business Casual

Location Downtown Toronto, Outside of Union Station (TTC & GO accessible)

A Great Place to Work

Kinross is a Canadian-based global senior gold mining company with operations and projects in the United States, Brazil, Mauritania, Chile and Canada. Our focus on delivering value is based on our four core values of Putting People First, Outstanding Corporate Citizenship, High Performance Culture, and Rigorous Financial Discipline. Kinross maintains listings on the Toronto Stock Exchange (symbol:K) and the New York Stock Exchange (symbol:KGC).

Mining responsibly is a priority for Kinross, and we foster a culture that makes responsible mining and operational success inseparable. In 2021, Kinross committed to a greenhouse gas reduction action plan as part of its Climate Change strategy, reached approximately 1 million beneficiaries through its community programs, and recycled 80% of the water used at our sites. We also achieved record high levels of local employment, with 99% of total workforce from within host countries, and advanced inclusion and diversity targets, including instituting a Global Inclusion and Diversity Leadership Council.

Eager to know more about us? Visit Home - Kinross Gold Corporation

The Senior IT Security Analyst will be responsible for leading cybersecurity initiatives with a focus on incident response, endpoint protection, security event monitoring, and identity & access management. This role plays a critical part in safeguarding the organization’s IT infrastructure, detecting and mitigating threats, and ensuring compliance with security standards.

• Incident Response: Lead investigations of cybersecurity incidents, perform root cause analyses, and recommend corrective actions. Develop and maintain incident response playbooks.
• Endpoint Security: Manage and optimize endpoint protection platforms (e.g., EDR, antivirus, DLP) across the enterprise.
• Security Monitoring: Configure, monitor, and analyze logs from SIEM tools such as Splunk to detect suspicious activity and generate reports.
• Identity and Access Management (IAM): Oversee IAM processes, enforce access controls, and ensure proper provisioning and deprovisioning of user accounts.
• Risk Assessment: Conduct security risk assessments and vulnerability scans and assist in remediation efforts.
• Policy and Compliance: Develop and enforce IT security policies, standards, and procedures in alignment with industry best practices and regulatory requirements.
• Collaboration: Work closely with IT operations, infrastructure, and application teams to ensure security is embedded throughout the organization.

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field
• 7+ years of experience in information security, with a strong background in:
  • Cybersecurity incident detection and response
  • Endpoint security technologies (e.g., Cisco Secure Endpoint, Forcepoint SSL Decryption, Sophos, Trellix EDR)
  • SIEM tools, specifically Splunk
  • Identity and Access Management systems (e.g., EntraID, Saviynt, Sale Point)
• Deep understanding of cybersecurity frameworks (NIST, ISO 27001, CIS Controls)
• Experience with scripting and automation (e.g., Python, PowerShell, Regex) is a plus

• A certificate from (ISC)2
  • Preferred: CISSP - Certified Information Systems Security Professional
• A certificate from SANS
  • Preferred: GCIH - GIAC Certified Incident Handler
• CEH - Certified Ethical Hacker
• OSCP - OffSec Certified Professional

Bonus: Splunk certifications (e.g., Splunk Certified Power User)

• Strong analytical and problem-solving skills
• High attention to detail and critical thinking
• Excellent communication skills (written and verbal)
• Ability to work independently and manage multiple priorities
• Leadership and mentoring abilities