Security Analyst

Key Responsibilities

Under the direction of the Supervisor of the IT infrastructure Unit, the Security Analyst manages the day-to-day operations of the in-place security solutions to identify, investigate and prevent security breaches detected by those systems. Secondary tasks include assisting and guiding the Information Technology team in the implementation of new security solutions, participation in the creation and or maintenance of policies and procedures as well as conducting vulnerability audits and assessments. The Security Analyst is expected to be fully aware of the enterprise’s security goals as established by its policies and procedures to actively work towards upholding those goals.  

1.     Responsible to develop and monitor Identity Management/User Access policy and procedures.
2.     Review and analyze log management system to detect security irregularities and investigate as warranted.
3.     Provide support for security products (Intrusion Prevention, Antivirus, Log Management, network authentication, etc.).
4.     Recommend audit thresholds, standards and tools as required, for manual or automated alarm triggering for investigative purposes.
5.     Works as part of the IT team to update, maintain and manage the security architecture infrastructure and manage regulatory compliance.
6.     Investigates and develops contingency plans by undertaking risk analysis, security investigations, and threat assessments.
7.     Researches and performs viability studies on new security measures, techniques, and technologies.
8.     Works with management and technical teams to improve technology and business security policies and initiatives.
9.     Investigates internal and external technical security threats and advises the IT teams on the prevention of malicious activity.
10.   Investigate member and staff security and human resource issues with a high degree of confidentiality and integrity.
11.   Other related duties as required. 

Competencies

1.     Bachelor’s Degree in Computer Science or a 2 year certificate in Computer Science from a recognized University or a 2 year Diploma in a related field from a recognized technical institute with progressively responsible experience in an enterprise computing environment. Working towards a SSCP, (ISC2), GSEC (SANS), or equivalent.
2.     Expert knowledge of network, desktop and telecommunication technologies including experience with Microsoft Windows Server Operating Systems, knowledge of security applications and platforms including firewalls, intrusion prevention, content filtering, anti-virus, anti-spam, data encryption, virtual private networking, endpoint security, patch management, email security, unified threat management, multi-factor authentication, wireless security, document security, instant messaging security, and biometrics.
3.     Awareness of various Security Industry Best Practices (NIST, COBIT, ISO 27001/27002, HTRA, PCI, etc.) and privacy legislations (i.e., FIPPA, PIPEDA, etc.)
4.     Ability to troubleshoot and solve complex technical problems.
5.     Strong customer service skills and the ability to establish and maintain user expectations, trust and confidence.
6.     Clear and effective oral and written communications in both technical and non-technical formats.
7.     Valid Class 5 Novice 1 (minimum) drivers’ license
8.     Adaptable to continual change in a dynamic environment.