Information Security Analyst
- Ontario Securities Commission
- Toronto, Ontario, Canada
- Job ID : 30125
- Category : Information Technology
- Job Type : Full-Time
- Salary : $ Annually
- Anticipated Start Date : As soon as possible
- Posting Date : 31 Aug 2021
- Expiry Date : 30 Sep 2021
Information Security Office
Grow your career and make a difference working at the OSC!
The Ontario Securities Commission (OSC) is the statutory body responsible for regulating Ontario’s capital markets in accordance with the mandate established in the provincial Securities Act and the Commodity Futures Act. The mandate of the OSC is to provide protection to investors from unfair, improper or fraudulent practices, to foster fair, efficient and competitive capital markets and confidence in the capital markets, to foster capital formation, and to contribute to the stability of the financial system and the reduction of systemic risk. This mandate is performed through policy, operational, adjudication and enforcement work. The OSC also contributes to national and global securities regulation development.
We offer a diverse, fair and flexible work environment and take pride in our challenging and rewarding work.
The Information Security Office is responsible for the design, implementation and ongoing maintenance of the OSC’s information security program to achieve and sustain the organization’s security posture.
The Information Security Analyst will design and implement security systems to protect the OSC’s computer networks and systems from cyber-attacks, and help set and maintain security standards. They will monitor networks and systems, detect security threats ('events'), analyze, and assess alarms, and report on threats, intrusion attempts and false alarms, either resolving them or escalating them, depending on the severity. This role supports the Chief Information Security Officer in performing operational work required to implement the OSC Information Security Program.
What will you do?
- Work collaboratively with OSC staff and stakeholders to proactively identify system vulnerabilities, using advanced analytical tools, and investigate unauthorized security activity/breaches. Provide appropriate recommendations to respond to, and manage, issues.
- Develop and maintain security standards/procedures documentation for security systems, applications and recovery plans through the monitoring of industry developments.
- Work closely with Information Services, leading and overseeing projects to implement new information security systems and upgrades.
- Assist with the creation, maintenance, and delivery of information security awareness training campaigns.
- Work closely with the Chief Information Security Officer on the procurement process to evaluate vendors and assess products based on defined requirements.
- Test and evaluate new security products for alignment with the OSC ecosystem to make recommendations to the Chief Information Security Officer.
- Maintain an information security risk register, produce qualitative reports and assist with information security audits.
What do you need to be successful in this role?
- A relevant degree in Computer Science or a comparable field of study, or a certificate in Information Technology, or equivalent.
- Industry certifications such as CISSP, GISP, or GIAC are preferred.
- A minimum of 5 years of relevant experience in IT.
- Strong knowledge of technology and security topics, including network and application security, infrastructure hardening, security baselines, web server, and database security.
- Solid understanding of general networking principles and common protocols.
- Familiarity with the ISO/IEC 27000 family of standards for Information Security Management, the NIST series of standards related to Information Security and Risk Management, and other best practices for information security.
- Good working knowledge of various security technologies such as network and application firewalls, segmentation, policy management, proxies, web filtering, SIEM, end point protection, secure remote access solutions (VPN, SSO & MFA), anti-virus and security operations.
- Experience in vulnerability assessment scanning, secure code and infrastructure security reviews for internal and external facing (web) applications.
- Experience in implementing information security systems, system development lifecycles (SDLC) and embedding security assurance into the planning, implementation, testing and deployment of solutions.
- Experience with cloud security & integration (preferably Azure Cloud).
- Familiarity with Microsoft 365 Security Stack set of products.
- Familiarity with ITIL Change and Release Management process.
- Analytical and problem-solving skills to identify and assess risks, threats, patterns and trends.
- Strong oral and written communication skills.
- Integrity and a passionate commitment to IT security as a profession.
How to be considered for this opportunity:
Apply online (https://www.osc.ca/en/about-us/careers-osc) by Friday, September 3, 2021.
We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.
The OSC is committed to diversity and providing an inclusive workplace. It is our priority to ensure employment opportunities are visible and barrier-free to all under-represented groups, including, but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the LGBTQ2S community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.
The OSC is a proud partner with the following organizations: BlackNorth Initiative < https://blacknorth.ca/ >, Canadian Centre for Diversity and Inclusion < https://ccdi.ca/ >, and Pride at Work Canada < https://prideatwork.ca/ >.
If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox HRRecruitment@osc.gov.on.ca. Visit Accessibility at the OSC < https://www.osc.ca/en/accessibility-osc >to review the OSC’s policies on accessibility and accommodation in the workplace.
How to Apply
No views yet