Information Security Policy Analyst (03-1969)
Reporting to the Director of Information Security, the Information Security Policy Analyst performs two core functions for ALC. They are responsible for developing, interpreting, and driving adoption of Information Security policies, standards, and guidelines. Secondary tasks may include participation in the day-to-day monitoring of the in-place security solutions for the identification, investigation and resolution of security breaches identified by the security solutions.
Assist the Director of Information Security to maintain the integrity, confidentiality, and availability of information by designing, implementing, monitoring, and enforcing overall information security policies, processes, and guidelines.
Direct the development, implementation, communication, monitoring and maintenance of the Information Security guidelines, policies and procedures.
Drive consensus with various stakeholders to determine policy application and impact, establishing a balance of necessary security protection, business need, and culture.
Provide guidance and consulting assistance to management and staff, and project teams by recommending and enforcing security controls for new and existing technologies and applications.
Execute the key processes/functions that support delivery of the department's threat monitoring and response service.
Execute the key processes/functions that support delivery of the department's vulnerability monitoring and response service.
Execute the security review function, within Change Management, to ensure changes are not introducing unacceptable risks to ALC.
Service requests made for Information Security consulting. This will include such things as support to forensic investigations and ad-hoc requests for Information Security services.
Define, use, and continuously improve the processes and steps required for the consistent delivery of our Technology & Information Security services.
Collect and report on operational security metrics, and vulnerability management baselines.
Ensure Disaster Recovery Plans and practices are in accordance with security guidelines.
Provide on-call support for all in-place security solutions.
- University degree in Computer Information Systems, Computer Science or equivalent experience required.
- 5 years of practical working experience in a security position.
- Experience documenting security process, policies, standards and guidelines.
- Experience working in process oriented IT environments. Knowledge of the IT infrastructure library (ITIL) framework.
- Intrusion analysis experience.
- Security incident response experience.
- Experience in security risk evaluation and assessment of complex business systems.
- Experience working with security testing tools, methodologies and analysis.
- Experience working with IT security tools and technologies.
- Preferred but not required:
- Certified Information System Security Professional (CISSP)
- Certified Information System Auditor (CISA)
- Certified Information Security Manager (CISM)
- SANS GIAC certifications
Work With Us
There are many reasons why we choose to work at Atlantic Lottery (AL) and one of the most important is feeling a sense of belonging and pride in being part of a company that exists to make Atlantic Canada a better place. AL wants to give back by investing in you through career development and growth that enhances your skills and leaves you feeling energized to come to work each day. We believe our most important asset is our people and we want you to progress at the pace of your talent and to the degree of your commitment. Does this opportunity fit within your development interests?