Cybersecurity Analyst

Job Profile:

Reporting to the Director of I.T., the successful applicant will be responsible and accountable to provide comprehensive cybersecurity analyses and risk mitigation strategies and improvement solutions in support of the overarching protection of our organizations’ digital architecture.

Job Responsibilities / Duties:

1. Leading the ongoing risk assessment, incident response, and cybersecurity infrastructure upgrades to keep our organization protected from evolving threats by:

• Mapping and validating the existing cybersecurity controls and assisting in the design and implementation of authorized upgrades and improvements on a scalable project-based basis, including for virus protections, remote access control strategies, intrusion detections, cloud technology protections, etc.;
• Conducting regular and thorough risk and threat assessments to identify potential internal and external vulnerabilities on an ongoing basis and recommending relevant solutions to improve the overall security infrastructure;
• Implementing, testing and supporting all security solutions on an evolving basis;
• Ensuring that all systems are running optimally and proactively anticipating and addressing/mitigating system threats or cybersecurity incidents before they occur;
• Keeping up-to-date with the latest industry news pertaining to cybersecurity or infrastructure problems and flagging any identified issues to the Director of I.T. for resolution;
• Performing server security audits, and ensuring appropriate system backup procedures and recovery processes are in place and adhered to as one mitigation strategy against ransomware attacks;
• Acting as a high-level resource to the Director of I.T. and executive leadership pertaining to disaster recovery and continuity planning for all in-house cybersecurity and digital threat response solutions;
• Developing, implementing, and maintaining a comprehensive disaster recovery plan to ensure business continuity in the event of a natural or man-made disaster;
• Conducting regular tests and drills to assess the effectiveness of the disaster recovery plan;
• Conducting ongoing research on the latest technologies relating to cybersecurity and threat detection and prevention in order to make recommendations to the Director of I.T. in support of keeping the overarching in-house infrastructure up-to-date and cutting edge relative to evolving risks and technologies;
• Implementing and managing security monitoring systems to detect and respond to security incidents in real-time;
• Regularly auditing the businesses emails and cloud-based services, ensuring industry best practices surrounding data protections and cybersecurity measures are in place;
• Monitoring and analyzing all networks and computers/devices for unusual activity or suspicious behaviours and notifying the Director of I.T. of the same;
• Providing timely and accurate updates to the Director of I.T.

2. To provide high-level cybersecurity reporting and user support by:

• Maintaining accurate and up-to-date documentation related to security processes, incident response plans, and configurations;
• In collaboration with the Network Systems Administrator, proactively working to ensure all end user devices are kept up to date with the latest operating systems and security updates and overseeing the deployment of company-wide software and critical updates in support of security protections;
• Identifying and reporting any compliance failures to the Director of I.T. for immediate remediation;
• Conducting regular user competency testing related to cybersecurity compliance, for example by sending fake internal phishing emails, etc. to staff to determine end-user response and identify weaknesses related to individual data/system protection behaviours;
• Conducting cybersecurity awareness training for employees and providing guidance and expertise to educate staff on security best practices;
• Ensuring compliance with industry standards, regulations and best-practices;
• Conducting regular security audits of all user accounts to ensure staff compliance with regulations, standards and internal policy;
• Documenting incident details, root cause analysis and lessons learned for continuous improvement;
• Coordinating any government/regulatory body cybersecurity compliance reporting required of the organizations in accordance with applicable deadlines and requirements, and under the overarching directions of the Director of I.T..

3. Other job duties and special projects as may be assigned by the Business Manager, Director of I.T. and/or the Human Resources Department.

Job Requirements:

• Post-secondary education in Computer Engineering, Cybersecurity Engineering, or a related field;
• Certification/designation specific to cybersecurity credentials such as CISSP, CISM, CRISC, etc.;
• 5+ years experience in a comparable cybersecurity or digital threat assessment role;
• A strong technical background with direct experience in the protection of data and I.T. systems;
• Must have advanced security knowledge and experience with respect to enterprise architecture, network, infrastructure and other applications;
• Critical troubleshooting skills with experience in outage management and recovery;
• Proven experience in the design, implementation and support of network security solutions aligned with industry best practices;
• Ability to work in a hands-on capacity to diagnose and resolve complex technical issues;
• Solid understanding of networking, switches, VMware/ESXi Host Service Infrastructure;
• Extensive experience in Microsoft Servers, Active Directory, Azure Active Directory, and Office 365;
• Experience working with Cisco Firewall Switches, Wireless Access Points, and VPN;
• Experience working with Cisco Meraki dashboard, configuration of switches, firewalls, content filtering and threat protection, and wireless access points;
• Experience with both Microsoft and Apple systems;
• Proven ability to meet deadlines;
• Excellent written, oral and telephone communication skills;
• Able to communicate in user-friendly language to provide guidance to end-users on cybersecurity processes, procedures, and issues;
• Exceptional multi-tasking abilities and prioritization skills;
• A team player who is able to work effectively under pressure;
• A high level of confidentiality and professionalism at all times;
• Able to thrive in a fast-paced environment;
• Willing and able to travel between offices as needed;
• Must have a valid license and regular access to a vehicle.

Work Conditions:

• This is an in-person role with no remote work available;
• Manual dexterity required to operate computer and peripherals;
• Interacts with employees and various management levels.

If you are qualified and interested in this position, please submit your resume via email to the attention of Human Resources.

IUOE Local 793 welcomes applications from persons with disabilities and, in accordance with the Accessibility for Ontarians with Disabilities Act, 2005 (AODA), accommodations are available on request for those who require disability supports while taking part in all aspects of the selection process.

Job Type: Full-time

Benefits:

• Casual dress
• Company events
• Company pension
• Dental care
• Extended health care
• Life insurance
• On-site parking
• Paid time off
• Vision care

Schedule:

• Day shift
• Monday to Friday

Application question(s):

• This is an in-person role with no remote work available. Are you willing and able to come into the office everyday?

Experience:

• Cybersecurity: 5 years (preferred)

Licence/Certification:

• Cybersecurity designation (e.g. CISSP, CISM, etc.) (preferred)

Work Location: In person