Job Description: SeniorCybersecurity Analyst

THE ROLE

Weare seeking a motivated SeniorCybersecurity Analyst with expertise in multiple cloud platforms, solidsecurity acumen, proficiency in operational excellence, and a proven background of improving an organization's security posture and operational efficiency while contributing to the evolution of business capabilities.

Reporting directly to the Director, Technology & Security Operations, the Senior Cybersecurity Analyst will interact with business leaders and teams to ensure security best practices are embedded within all business solutions.

This role is based in downtown Torontounder a hybrid work policy,allowing employees the flexibility to work remotely and in-office (approximately two days per week in-office).

KEY ACCOUNTABILITIES:

The Senior Cybersecurity Analyst will need to perform a variety of cybersecurity responsibilities including but not limited to the following:

• Provide both cyber and information security consulting to business partnersand deliver robustsecurity solutions
• Define, verify and monitor the configuration and rollout of Data Loss Prevention controlsand monitoring
• Define and conduct security assessments to test the effectiveness of security controls for continuously improvement of the organization's security risk profile
• Influence behaviour to reduce organizational risk, foster a strong securityand risk management culture
• Identify and recommendpotential areas where existing data security policiesand procedures require change, or where a supplement is required to mitigate key security risks
• Evolve the development of Threat Risk Assessments (TRA)for managing securityrisks by validating the needed safeguards
• Create and maintaindata security documentation, repository of operational controls, IT standards and procedures
• Provide governance oversight and accountability for activities managed by third party providers
• Work with businesspartners to providesecurity requirements for new projectinitiatives
• Serve as subjectmatter expert with level 2 support for analysis of security breachesto identify the root cause and provide solutions
• Drive incident resolution as Incident Manager in a rotational schedule for major incidents for critical systems running 24x7
• Identificationof gaps that are causingreoccurring issues and adviseon procedures or tools to solve them
• Lead the definingof and promote standards for encrypting data at rest and in transit
• Accountable for the design and execution of vulnerability assessments, patch management, penetration tests, and security audits
• Consult on regulatory compliance requirements, reporting and questions
• Document and share operational details with team members as new security controls or capabilities are implemented

QUALIFICATIONS & EXPERIENCE

• 5+ years of cybersecurity experience in a fast paced and growing organization
• Demonstrated ability to participate in medium to complex security related projects and help drive security projects through to completion meeting project timelines
• Demonstrated ability to own the execution of the incident management process and drive incident resolution with internal and external stakeholders
• Undergraduate degreein Information Technology
• CCSK, CISA, or GICSP Security Certification is an asset
• Experience collaborating across various business units to ensure that information security requirements are included in contracts by liaising with vendor compliance and finance/procurement teams
• Solid/Sound Knowledge in cyber security, firewalls, zero trust networksecurity, DLP, and application security
• Advanced knowledge of security frameworks and regulatory requirements CSA, NIST, CIS, GDPR, OWASP, etc.
• Solid experience definingand tuning O365 security controlsusing Intune policies, Defender ATP, and Sentinel SIEM
• Experience with developing XDR, SOAR and security automation policies
• Experience with securitycontrols for workloadshosted on GCP cloud platform
• Continuously researches emergingtopics to stay up to date with information securitybest practices, concepts, and protocols
• Developed and maintained security incident responseplans and conducted tabletop exercises
• Proven experience estimating duration of initiatives

ATTRIBUTES:

• High degreeof initiative and dependability with the abilityto work with little supervision
• Excellent writtenand verbal communications
• Ability to design and execute repeatable processes
• Ability to organize and driveresults from different contributors
• Pro-active problemsolver
• Strong analyticskills
• Self-motivated with a hands-on attitude
• Strong commitment to innovation and continuous improvement
• Ability to effectively identifyemerging technologies, trends, threats, standards, and products that have a

strong potential to improve the organization's security posture