Sr. IT Security Analyst

Start Date: ASAP

Position: Permanent

Work Environment: Hybrid (3 days in office, 2 days remote, flexible hours)

Dress Code: Business Casual

Location: Downtown Toronto, outside of Union Station (TTC & GO accessible)

Kinross is a Canadian-based global senior gold mining company with operations and projects across the US, Brazil, Mauritania, Chile, and Canada. We prioritize delivering value based on our core values: Putting People First, Outstanding Corporate Citizenship, High Performance Culture, and Rigorous Financial Discipline. Listed on the Toronto and New York Stock Exchanges (symbols: K and KGC), we are committed to responsible mining, environmental sustainability, and community engagement.

The Senior IT Security Analyst will lead cybersecurity initiatives focusing on incident response, endpoint protection, security event monitoring, and identity & access management. This role is crucial in safeguarding our IT infrastructure, detecting threats, and ensuring compliance with security standards.

1. Incident Response: Lead investigations, perform root cause analyses, develop incident response playbooks, and recommend corrective actions.
2. Endpoint Security: Manage endpoint protection platforms (e.g., EDR, antivirus, DLP).
3. Security Monitoring: Configure and analyze logs from SIEM tools like Splunk to detect suspicious activities.
4. Identity and Access Management: Oversee IAM processes, enforce access controls, and manage user account provisioning.
5. Risk Assessment: Conduct security risk assessments and vulnerability scans, assisting in remediation.
6. Policy and Compliance: Develop and enforce security policies and procedures aligned with best practices and regulations.
7. Collaboration: Work with IT teams to embed security throughout the organization.

• Bachelor’s or Master’s in Computer Science, Information Security, or related field.
• 7+ years in information security, with expertise in:
• Cybersecurity incident detection and response
• Endpoint security technologies (e.g., Cisco Secure Endpoint, Sophos)
• SIEM tools, especially Splunk
• Identity and Access Management systems (e.g., EntraID, Saviynt)
• Cybersecurity frameworks (NIST, ISO 27001, CIS Controls)
• Scripting and automation (Python, PowerShell, Regex) is a plus.

• One of the following certifications is required:
• (ISC)2 certifications (e.g., CISSP)
• SANS certifications (e.g., GCIH, CEH, OSCP)
• Bonus: Splunk certifications (e.g., Splunk Certified Power User)

• Strong analytical and problem-solving skills
• High attention to detail and critical thinking
• Excellent communication skills (written and verbal)
• Ability to work independently and manage multiple priorities
• Leadership and mentoring abilities