Information Security Analyst

Twitter Facebook
Apply
Location
Toronto, ON
Salary
$60,000 - $90,000
Job Type
Direct Hire
Date
Aug 28, 2018
Job ID
2622446
The Information Security Analyst reports to the Manager, Security for this Credit Card / Payments firm.  The position is responsible for ensuring that G+D Canada (Markham and Dorval locations) is in compliance with all applicable industry, client and company Information Security requirements, policies and procedures.  The Information Security Analyst will work collaboratively with other members of the local Security department, with all other colleagues at G+D Canada and with colleagues in the Americas region and Munich head office.
 
Primary Responsibilities
  • The Information Security Analyst will perform Risk Assessments as required for existing lines of business, new products and services and when required for special projects.  The Information Security Analyst serves as a local Information Security Subject Matter Expert (SME) and consultant to the business.
  • Perform internal Information Security audits utilizing G&D’s assessment and risk reporting methodology.  In a collaborative manner assist the managers and supervisors of affected departments regarding security concerns and opportunities for continual improvement.
  • Coordinate external audits including the completion of security questionnaires and related pre-audit and post-audit activities.  Manage the maintenance of facility security certifications and related compliance and governance activities. Maintain G&D Canada’s Security Risk Register, tracking security requirements and nonconformance’s while working with the appropriate stakeholders to track progress and close audit findings.
  • Monitor the output of SIEM and DLP systems and develop local reports as necessary to keep management apprised of information security threats and active attacks, incident response and follow-up activities.  Provide constructive feedback to the global SIEM team to support their efforts in producing effective and accurate alerting and reporting.
  • Ensure that the company’s Information Security controls are relevant, properly documented and maintained for ongoing recertification and governance activities with a primary focus on Payment Card Industry (PCI) Card Production and Provisioning Logical Security Requirements, G+D guidelines and policies and the security requirements of G&D’s clients.   Ensure the business maintains appropriate, demonstrable, auditable and coordinated security procedures and practices that are compliant with related laws, regulations, policies and professional standards. 
  • Perform Information Security investigations as required.  Serve as primary Information Security Investigator. Assist local Head of Security and other management in performing internal investigations pertaining to discrepancies and other breaches of security, including identifying root causes, necessary remediation and any other opportunities for improvement.
  • Maintain and administer the Physical Access Control System, CCTV and DVR / NVR systems ensuring that the systems are functional and patched. Update / create documented procedures for the infrastructure as required in order to support compliance requirements and end users.

Secondary Responsibilities
 
  • Perform internal network vulnerability scanning, including wireless scanning in accordance with payment industry and G&D requirements. 
  •  Monitor and review firewall configurations to ensure ongoing compliance with network architecture and change management security requirements.
  • Actively contribute to the preparation and delivery of Security and Privacy Awareness Training and other Security related communication and awareness programs.
 
 
Qualifications, Experience and Educational Requirements
  • One or more relevant industry certifications – e.g. CISSP, CISA, CISM, CRISC, CEH. 
  • Minimum 2 yrs. post-secondary education (e.g. Community College) in the field of Information Technology or Information Security and/or 5 years’ experience in an Information Security role. 
  • Experience in the administration of Information Technology infrastructure such as servers and firewalls
  • Strong Microsoft Office skills including Excel, Word, PowerPoint and Visio
  • Strong English communication skills required (written and verbal) with French an asset