Job Specifications
Job Title: Cybersecurity Analyst
Vacancies: This posting is for (1) current vacancy
Location: Toronto, ON | Vancouver, BC | Victoria, BC | Ottawa, ON | Calgary, AB | Halifax, NS | St John's, NL | Kelowna, BC| Prince George, BC | Montreal, QC (Detailed office location information can be found by visiting this link: https://cancer.ca/en/contact-us)
Work Model: Hybrid Work Model
Salary Band: 5 ($65,000 - $75,000 CAD)
HELP SHAPE THE FUTURE OF CANCER CARE IN CANADA
The Canadian Cancer Society works tirelessly to save lives, improve lives and drive collective action against cancer. Together with patients, volunteers, donors and communities across the country, we raise funds to invest in transformative cancer research, we provide a caring support system for everyone affected by cancer and we advocate to governments to create a healthier future for all. It takes a society to take on cancer – and the Canadian Cancer Society is leading the way
MAKING AN IMPACT
Reporting to the Sr. Manager, Enterprise Infrastructure, Cloud and Security, the Cybersecurity Analyst is in charge of ensuring the cybersecurity posture of the Canadian Cancer Society (CCS) is comprehensive, up-to-date, robust, regularly tested, and monitored. In addition to supporting the Sr. Manager with security planning, this role requires a deep and broad technical background in configuring, implementing, managing and monitoring a wide range of cybersecurity solutions. This role sits within the Digital Strategy and Technology department and works closely with Infrastructure, Cloud, and external security partners.
Ensuring cybersecurity best practices are documented and followed, and CCS’s user community is well coached and provided with a robust cybersecurity awareness program, all while continually assessing and improving CCS’s nationwide cybersecurity posture, will be key to the success of this role.
What You’ll Be Doing
Security Operations & Incident Response
Maintain, update, test, and monitor security solutions, including daily checks and rapid action to security alerts
Actively monitor and research cybersecurity threats and take appropriate remedial action
Maintain and update IT security policies, documentation, and best practices
Actively review cybersecurity incidents, tickets, and tools to identify and mitigate trends and threats
Participate in vulnerability management process
Security Governance & Awareness
Maintain and improve an organization-wide cybersecurity awareness program with measurable KPIs
Produce ongoing security reporting including KPI benchmarks, threat assessment and remediation measures taken
Regularly stay informed of emerging threats, discovered vulnerabilities, and advancements in threat detection, mitigation, and defence, and proactively communicate these developments to ensure the organization adapts to the evolving threat environment
Advisory, Support (tier 2-3) & Continuous Improvement
Provide advanced technical investigation, escalation handling, and resolution for cybersecurity related incidents and tickets, ensuring timely remediation and alignment with security best practices
Evaluate and assess potential new technology solutions for compliance with cybersecurity guidelines
Collaborate with Digital Strategy and Technology teams to investigate and/or remediate cybersecurity vulnerabilities and incidents in a timely manner
Actively monitor for cybersecurity incidents and threats, generate tickets for and contribute to remediation as required
Support end users on their daily Cybersecurity request including evaluating anew applications and provide feedback on user’s security scores and reports
Contribute to our culture of diversity, inclusion, belonging and equity (DIBE) by ensuring that all staff feel represented, valued, and heard across all aspects of their identity, including gender, age, religion, ethnicity, nationality, race, and sexuality.
Other duties as assigned
Qualifications
A technology university degree (bachelor) with equivalent experience or an equivalent combination of education, training and experience or equivalent professional valid certificate.
Minimum of 3 years of experience in developing, implementing, managing, and monitoring IT security solutions in a complex, geographically distributed environment.
Broad and deep knowledge of various Cisco, Microsoft, Meraki and Fortinet products and solutions, including Firewalls, email content and spam filtering, DNS filtering, secure authentication and remote access solutions (VPN, SSO, and MFA), endpoint patch management, EDR/XDR, SIEM, SOC, DMZs, pen tests, vulnerability assessments and securing O365 internally and externally.
Exposure to and knowledge of; IT security solutions, concepts, and trends including IPS/IDS, NAC, incident response plan development, endpoint encryption, cloud security, CASB, ethical hacking and mobile device security solutions.
Exposure to and knowledge of; cybersecurity solutions, concepts, and trends including I