Information Security Analyst
Description:
JOB PURPOSE
Reporting to the Information Security Officer, the Information Security Analyst will possess a strong background in managing infrastructure, coupled with significant experience and expertise in cybersecurity. This role will involve analyzing threats, implementing security controls, responding to incidents, and supporting cybersecurity initiatives and projects.
PRIMARY RESPONSIBILITIES
Oversee and create all Information Security-related tasks within CanDeal environments and new projects.
Conduct in-depth security assessments of infrastructure components to identify vulnerabilities, assess risks, and recommend mitigation strategies.
Monitor security alerts and events, investigate incidents, and lead incident response efforts to contain and remediate security breaches.
Provide level 3 support to the Security Operations teams, particularly in conducting investigations derived from threat intelligence.
Develop and implement security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.
Manage and maintain security technologies and tools, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus, and endpoint security solutions.
Proficiency in conducting penetration tests, including planning, executing, and analyzing results to identify vulnerabilities and enhance security measures.
Collaborate with cross-functional teams to integrate security requirements into the design and deployment of IT systems and applications.
Provide guidance and support to IT teams on security-related matters, including security awareness training and adherence to security policies.
Stay abreast of the latest cybersecurity threats, trends, and technologies through continuous learning and participation in industry events and training programs.
Assist in the development and implementation of cybersecurity initiatives and projects to enhance the organization's security posture.
Read, analyze, and design process and procedure, also, be able to identify enhancements opportunities, prepare supporting data and present to management for approval.
Conducting audit meetings, summarizing the discussions, defining action items, and follow up until completion.
Participate in on-call rotation to provide after-hours support for security incidents and emergencies.
QUALIFICATIONS
Education & Experience
Bachelor’s degree in computer science, technology or related field is required.
Certification(s) in cybersecurity (e.g. CISSP, CCSP, CySA+, GSEC, OSCP, AWS Security Specialty, Azure Security Engineer) preferred.
Minimum of four (4) years of experience in IT security-related projects, including working with security controls and processes, with a preference for experience in the financial services industry.
Knowledge, Skills & Abilities
Demonstrated proficiency in technology troubleshooting and exceptional analytical abilities, capable of thinking creatively to resolve issues.
Experience with security technologies and tools, such as firewalls, IDS/IPS, antivirus, and endpoint security solutions.
Strong technical knowledge of networking, operating systems, and cloud environments.
Robust experience in cloud security to enhance organization's resilience in an increasingly cloud-centric environment.
Familiarity with security frameworks and standards, including NIST Cybersecurity Framework and ISO 27001/27002.
Excellent verbal and written communication skills, with the ability to effectively clarify complex technical issues and concepts in a business-friendly manner to various audiences.
Strong organizational skills, with the abilities to manage multiple deliverables in a demanding, time-sensitive environment, adapt to frequently changing priorities by prioritizing tasks and escalate / communicate issues or seek assistance to overcome obstacles.
Ability to work effectively within a team, as well as independently.
Key Qualities for Success
Have a deep interest in computing and cybersecurity.
Self-motivated and driven.
Highly attentive to detail and committed to quality.
Enthusiastic, service oriented.
DECISION MAKING
Recommends IT security tools to the ISO based on current industry knowledge and best practice and provides input to IT Security policies.
Collaborate with teams to align security measures with organizational goals and continuously improve security posture through proactive initiatives.