Information Security Analyst

FSET is currently seeking an experienced Information Security Analyst to join our team. As an Information Security Analyst, you will be responsible for developing, implementing, and maintaining the company's Information Security program. You will play a crucial role in identifying security risks and developing strategies to mitigate these risks. Additionally, you will be responsible for monitoring and analyzing security logs, conducting vulnerability assessments, and responding to security incidents. The ideal candidate will have a strong understanding of Information Security principles and best practices, as well as experience with security frameworks and regulatory compliance requirements.

Requirements

RESPONSIBILITIES

1. ISO 27001 Compliance Management:

• Lead the oversight and management of FSET's ISO 27001 Information Security Management System (ISMS).
• Conduct routine risk assessments, vulnerability analyses, and gap assessments to identify and mitigate potential security risks.
• Sustain security controls in alignment with ITSG-33 and ISO 27001 standards.
• Develop, review, and update Information Security policies, procedures, and guidelines to ensure alignment with ISO 27001 requirements.

2. Security Policy Development and Documentation:

• Contribute to the development, review, and enforcement of Information Security policies and procedures.
• Collaborate with stakeholders to communicate and enforce security policies across FSET.

3. Risk Assessment and Incident Response Management:

• Conduct risk assessments to identify, prioritize, and mitigate potential security risks.
• Maintain our incident response plan to efficiently address and resolve security incidents.
• Work with stakeholders to implement security controls and measures to reduce overall risk.
• Coordinate with relevant teams to investigate and respond to security incidents, ensuring a prompt and thorough resolution.

4. Security Awareness and Training:

• Manage our security awareness delivery platform and conduct regular training sessions for FSET employees, fostering a culture of security within the organization.
• Provide guidance and support to staff on security best practices.

5. Continuous Improvement:

• Proactively identify opportunities for improvement in FSET's security posture.
• Lead initiatives to enhance security processes and technologies in line with evolving threats and industry best practices.

6. Security Audits and Compliance:

• Plan, execute, and participate in internal and external security audits to evaluate compliance with ISO 27001 standards and other relevant regulations, standards, and frameworks.
• Collaborate with external auditors during certification audits.
• Manage the resolution of any Non-Conformances that may arise from Internal or External Audits.
• Develop and implement the company's Information Security program, including policies, procedures, and controls.
• Conduct risk assessments and vulnerability assessments to identify and mitigate security risks.
• Monitor and analyze security logs to detect and respond to security incidents.
• Stay up-to-date with the latest security threats, trends, and technologies.
• Collaborate with cross-functional teams to ensure security best practices are implemented.
• Provide guidance and support to employees regarding Information Security policies and procedures.
• Assist with regulatory compliance efforts, including conducting audits and assessments.
• Participate in incident response activities and perform forensic investigations when necessary.
• Document and maintain security-related documentation, such as security incident reports and risk assessments.
• Conduct security awareness training for employees.

QUALIFICATIONS & SKILLS

• Bachelor's degree in Computer Science, Information Security, or a related field.
• Professional certifications, such as CISSP, CISM, or CISA, are highly desired.
• Minimum of 3 years of experience in Information Security, preferably in a corporate environment.
• Strong understanding of Information Security principles and best practices.
• Experience with security frameworks, such as ISO 27001 or NIST Cybersecurity Framework.
• Knowledge of regulatory compliance requirements, such as GDPR or CCPA.
• Experience with security tools and technologies, such as SIEM, IDS/IPS, and vulnerability scanners.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Strong attention to detail and organizational skills.
• Ability to prioritize and manage multiple tasks and projects.
• Flexibility to adapt to changing priorities and deadlines.
• Experience with incident response and forensic investigations.

Benefits

• Dental care
• Disability insurance
• Employee Assistance Program (EAP)
• Extended health care
• Life insurance
• Paid time off
• RRSP match
• Vision care

Language Requirement:

Native/Fluent English
French not required but considered an asset.

Schedule:

• 4 DAY WORK WEEK PILOT*
• 8 Hour Day Shift
• Rotational On Call

• https://www.newswire.ca/news-releases/canadian-it-...
• https://fset.inc/canadian-it-company-fset-moving-t..