About the Company - An Agilus client is a leader in the insurance industry and is currently adding an Information Security Analyst to their team.
About the Role - In this role, you will be part of the first-line cyber defense team, working with IT and business partners to help them understand and manage information security risks and comply with the organizational information security policies. The role also supports the delivery of analysis-based cyber security services including a security assurance assessment, responding to security inquiries from stakeholders and clients, assessing security controls, and more.
Responsibilities -
- Focused on providing information security consultation to business and IT stakeholders.
- Provide security consultations on security requirements in contracts and engage with Legal and Business teams to assist with negotiating client contracts and responding to client RFPs.
- Provide expert security guidance to implement appropriate controls in projects and initiatives. Ensure the safeguarding and protection of our clients' confidential information, preventing accidental disclosure, modification, or destruction, and enhancing the organization's overall security posture.
- Conduct information security risk assessments (e.g. threat risk assessment) as needed.
- Research evolving threats and provide recommendations.
- Develop and conduct vulnerability assessments, and document findings in reports.
- Strong desire to work collaboratively in an unconventional and non-linear way to solve problems with unique solutions.
- Be customer focused and delivery oriented to drive change in ambiguous situations.
- Work proactively with internal clients to understand their needs and deliver creative solutions.
- Strive for continuous learning and be able to influence others.
- Review vulnerability reports to identify security weaknesses on systems and help stakeholders prioritize their remediation based on risk. Examples of these types of reports include:
  - Static Application Security Testing (SAST)
  - Dynamic Application Security Testing (DAST)
  - Interactive Application Security Testing (IAST)
  - Software Composition Analysis (SCA)
  - Penetration Testing
  - Infrastructure and endpoint Vulnerability Testing
Qualifications -
- Post-secondary degree in Business, Technology or related discipline or an equivalent combination of education and related experience.
- At least 7 years of experience in Information Security and/or Information Technology (IT), with a focus on Information Security Risk Management.
- Preferred professional designations include CISSP, CCSP, CISM, CISA, and other similar certifications.
- Proven experience in interpreting and consulting on Information Security and IT principles, protocols, practices, and industry standards.
- Extensive knowledge of security assessments, including understanding various attack/threat vectors and determining corresponding security controls to mitigate risks.
- Strong technical background with exposure to multiple aspects of information technology, such as networks, servers, application development, architecture, storage, and cloud technologies.
- In-depth understanding of existing and emerging Information Security technologies, which relate to encryption, network/web application firewalls, IDS/IPS, advanced malware protection, DDoS, DLP, and SIEM.
- Strong knowledge of cloud security and cloud-based technologies, particularly AWS and Azure.
- Familiarity with IT control frameworks such as SOC, ISO 27001, and the NIST Cybersecurity Framework.
- Working knowledge of IT audit and testing processes.
- Strong presentation and data visualization skills using PowerPoint, Power BI, etc., at minimum.
- A proactive self-starter who excels with minimal supervision, possesses strategic thinking abilities, and is skilled in negotiation and consensus building.