IT Security Analyst

This is a unique opportunity for creative problem solver who wants to not only make recommendations on security risks and assessments but to see them through to implementation and execution. 

Toronto, ON

Chartered Professional Accountants of Ontario

CPA Ontario protects the public interest by ensuring its members meet the highest standards of integrity and expertise. CPA Ontario serves and supports its more than 89,000 members and 19,000 students in their qualification and professional development in a wide range of senior positions in public accounting, business, finance, government, not-for-profits and academe. Chartered Professional Accountants are valued by organizations of all types and sizes for their financial expertise, strategic thinking, business insight, management skills and leadership. http://www.cpaontario.ca

keywords: who we are,the opportunity,who you are,what's in it for you,risk assement,analysis,collaboration,management,support,compliance,the education,the experience,the technical skills,the additional technical knowledge,the drive,the interpersonal capabilities

Experienced

Overview: <p><strong>The opportunity</strong></p> <p>CPA Ontario is currently in search of an<strong>&nbsp;IT Security Analyst</strong>&nbsp;to support organizational initiatives and strategic goals through the delivery of reliable and efficient security and technology solutions. We need an IT Security Analyst to be accountable for all facets of IT Security and ensure a highly productive and reliable service offering. This is an opportunity to be a contributing team member that helps carry out the vision, strategy and structure of the Information Security and Technology department.</p> <p><strong>Who you are</strong></p> <p>You have a passion for security, technology and process improvement. You want a role where in conjunction with IT Leadership and the IT security team, you can work on security across all systems and infrastructure. A place where you can drive IT issues across audit, compliance and risk management to resolution. An organization where you can be a champion of best practices.</p> <p><strong>What&rsquo;s in it for you</strong></p> <p><em>The chance to make an impact.&nbsp;</em>This is a change-focused environment and a chance to be part of a team that shaping the technology of CPA Ontario.</p> <p><em>The opportunity to work with an elite team.</em>&nbsp;We are on the &ldquo;smaller-side&rdquo; of a mid-sized organization. That means a chance to work closely and collaboratively across teams and develop a deep understanding of our processes, our tools, our infrastructure and our technical requirements of our people.</p> <p><em>The ability to introduce best practices.&nbsp;</em>This is an opportunity to step up and make an impact. You will be able to not only make recommendations but to also see them through to implementation.</p>
Responsibilities: <p><strong>What you will do:</strong></p> <ul> <li>Conduct security threat and risk assessments for CPAO&rsquo;s services and systems in accordance with industry recognized standards and which support appropriate security risk response, including the identification of administrative, procedural and technical control remediation items as required.</li> <li>Help coordinate and conduct efforts to analyze business impact and exposure based on emerging security threats, vulnerabilities and risks.</li> <li>Collaborate with and support other departments to identify security risks within their respective operational areas, make recommendations for appropriate security control remediation items and support the development of security process control improvements within those portfolios suitable for risk mitigation.</li> <li>Monitor, review and respond on security events received and track through to resolution. Escalate issues that cannot be resolved within acceptable time frames.</li> <li>Support the ongoing design, implementation and operation of CPAO&rsquo;s Information Security and Privacy Programs.</li> <li>Actively participate in patching program reviews and approvals across the organization.</li> <li>Coordinate and perform both network and web application vulnerability assessments.</li> <li>Perform ongoing day-to-day security device administration, including firewall, VPN, anti-virus, spam protection, vulnerability and patch management tools etc.</li> <li>Perform security scans on newly developed applications and ensure that applications being launched to the production environment are compliant.</li> <li>Perform PCI compliance scans and ensure that compliance is maintained across the organization.</li> <li>Manage security awareness training programs and report on key findings and recommendations.</li> <li>Participate in forensic activities, leveraging best in class tools to help drive investigations.</li> <li>Manage the security and business continuity portion of all vendors; ensure they comply with management and security policies.</li> </ul>
Requirements: <p><strong>So, how do we know you are the new IT Security Analyst for us? You have:</strong></p> <ul> <li>The education. You have a Bachelor's degree, preferably in Business Administration, Computer Science or Engineering. Preference is given for IT Security certification such as CISSP, SANS Certified Intrusion Analyst (GCIA), CompTIA Security+, CEH, GSEC or CISM.</li> <li>The experience. You have 5 or more years of Information Security hands-on administration experience across a variety of security products. You are a champion of IT Security best practices.</li> <li>The technical skills. You have hands-on expertise with Compliance Standards (PCI, DISA, CIS, NIST) Threat Hunting, SIEM (AlienVault, Splunk, ELK, QRadar, LogRhythm), Vulnerability Management, Vulnerability Scanners (Tenable Nessus, Qualys, Rapid 7 Nexpose, OpenVAS), Anti-Virus (Mcafee, CrowdStrike, SentinelOne, Carbon Black, Cylance, TrendMicro), Email Security (Barracuda, Mimecast, Proofpoint, IronPort).</li> <li>The additional technical knowledge. Ideally, you are also familiar with Web Application Scanners (Acunetix, Burp Suite, Netsparker, IBM AppScan), Next-Gen Firewalls (Palo Alto, Juniper, Fortinet, Check Point, ASA with Firepower, Meraki), Web Application Firewalls (A10, F5, Barracuda, CloudFlare, Radware, Imperva), Risk Frameworks (FAIR, NIST SP 800-30, OCTAVE, ISO 27005), Routing/Switching (Cisco, Juniper, Arista, HP, Dell), Wireless (Aruba, AreoHive, Ruckus, Cisco, Meraki). Digital forensics, Malware analysis, Memory analysis, Penetration testing are considered assets but not required.</li> <li>The drive. You are self-motivated and analytical. You have excellent troubleshooting, creative problem solving, critical thinking skills. You are logical, detail oriented and you have sound judgement.</li> <li>The interpersonal capabilities. Your communication skills, both written and verbal as well as your presentation skills are outstanding. You can build and nurture internal and external relationships, prioritizing customer service. You have the patience and language to translate complex technical terms for a non-technical audience.</li> </ul> <p><strong>About the Chartered Professional Accountants of Ontario</strong></p> <p>CPA Ontario protects the public interest by ensuring its members meet the highest standards of integrity and expertise. CPA Ontario serves and supports its more than 89,000 members and 19,000 students in their qualification and professional development in a wide range of positions in public accounting, business, finance, government, not-for-profits and academe. Chartered Professional Accountants are valued by organizations of all types and sizes for their financial expertise, strategic thinking, business insight, management skills and leadership. For information on the CPA profession, visit&nbsp;<a href="https://www.cpaontario.ca/">cpaontario.ca</a>.</p> <p>To express your interest in this opportunity, apply now.</p> <p>CPA Ontario is an inclusive employer. Accommodation is available under the Ontario Human Rights Code. If you require a disability-related accommodation to participate in the recruitment process, please email&nbsp;<a href="http://accessibility@cpaontario.ca/">accessibility@cpaontario.ca</a>&nbsp;with &ldquo;Accommodation Required&rdquo; in the subject line to provide your contact information.</p>