Sustainable Commodity Solutions For a World in Transition

Reporting to the Manager- IT Infrastructure, the Senior Information Security Analyst is responsible for ensuring technology controls are sufficiently protecting business risk, and overseeing security standards, policies, and procedures. He / She will be playing a key role in threat monitoring, security data analysis and maintenance of EDR platform, DLP, VPN, SIEM and other security tools/solutions as well as analysis and promotion of best practices around server/application security and system log management.

Responsibilities

1. Develop and maintain employee security training program.
2. Manage and Maintain Cyber Secure Canada Certification including its renewal.
3. Implement vulnerability management policies.
4. Select and advise on applicable security standards and appropriate security technology.
5. Evaluate new security products and services and advise on their suitability and feasibility to meet Targray requirements.
6. Interface with technology vendors, to ensure that Targray acquires products and services that protect the confidentiality, integrity, and availability of Targray informational assets.
7. Monitor and manage security events.
8. Analyze and respond to security incidents.
9. Follow on newly discovered risks and identify risk owners and risk remediation options.
10. Conduct Threat and Risk Assessments of technology systems that support business units operation.
11. Conduct risk assessments of 3rd party vendors and solutions.
12. Support the transition of projects from development to production.
13. Policy review, SOPs creation for various process related to information security.

Requirements

• University or college degree in Computer Science or IT Engineering with focus on information security.
• 7+ years of IT experience, with a minimum of 5 years are in information security.
• Good Knowledge on ISO 27001, NIST Framework and privacy regulations like PIPEDA GDPR
• Sound Understanding of M365 Security Compliance Centre like DLP Rules, Sensitivity Labels, and Safe Links/Safe Attachments
• Previous hands-on experience with seven or more of the following security domains:
  • Security Policies and Standards
  • Security Risk Management
  • Identity and Access Management
  • Privilege Access Management
  • Anti-Virus platform hardening
  • Database hardening
  • Network and Web Application Firewalls
  • Application security
  • Secure code development practices
  • Remote access security / security tokens / multi-factor authentication
  • Digital certificates
  • Vulnerability Management (networks scans and patching)
  • Intrusion Detection and Intrusion Prevention (IDS, IPS)
  • Logging and Monitoring
  • Encryption solutions and Key Management
  • File and system integrity monitoring
  • Web content filtering
  • Email security
  • Wi-Fi security
  • Mobile devices security
  • Security Incident Response

• Good written and oral communication is required to describe technical concepts to both technical and non-technical audiences that may include staff from: project teams, project managers, engineering, architecture, IT operations, security, finance, third party vendors and others.
• Work well under pressure and time constraints and can prioritize competing priorities appropriately.
• Can work independently with limited supervision and direction.
• Can support the business when security questions or issues arise.
• Experience with monitoring tools.

Assets

• CISSP, CCSP, CISA, CISM, ISO 27001, or similar certification
• Knowledge of leading security standards, with a focus on NIST Cybersecurity Framework, ISO27001, ISO27002
• Comfortable with the security concepts of cloud computing environments
• skills with programming languages such as PowerShell, Python.
• Knowledge of Fortinet ecosystem

Benefits

• A competitive remuneration plan and an excellent working environment in a growing multinational organization.
• Beautiful, spacious and modern workplace environment.
• Flexible work arrangement policy.
• Generous company-wide profit-sharing plan.
• Off-site Team Building and experiential development.
• Life Insurance and Accidental Insurance for Self.
• Free Medical Insurance for Self and Family.
• Weekly Team Lunches.
• Gym Benefits.
• Corporate Team Fun Activities.