Position Title: Senior Information Security Analyst
Position Type: Regular - Full-Time
Position Location: Toronto HQ
Requisition ID: 4865
Reporting to the Manager of Information Security, the Senior Information Security Analyst is responsible for leading and developing McCain’s vulnerability and threat management practices, assessing cyber risk using current corporate processes, ensuring compliance with current standards and policies, and recommending and designing mitigating security controls. The Security Analyst must work with business partners as well as IT professionals in evaluating Information Security risks and implementing security controls across the organization.
JOB RESPONSIBILITIES:
Leading McCain’s threat and vulnerability practices by managing operational activities and maturing current practices.
Developing and operationalizing a Cyber Penetration Testing program.
Assessing risk to corporate information and technology using the developed risk assessment/threat analysis methodology, and reporting on risks through management reports, dashboards and scorecards.
Driving and aligning risk remediation decisions and, where applicable, assisting with remediation through policy/standard/procedure development and logical protective/detective control design.
Driving improvements to current risk assessment methodologies and implementing new methodologies as required.
Assisting in building, aligning, and implementing an Enterprise Security Architecture program.
Providing input and guidance to McCain’s Information Security awareness training framework and communication plan.
Assisting with the development and operationalizing of a review process to ensure compliance with policies and standards.
Assisting with strategic and tactical planning, including metric and reporting development.
KEY QUALIFICATIONS & EXPERIENCE:
Minimum of ten (10) years of experience in information technology with at least seven (7) years of experience in a security analyst role, which includes experience in vulnerability management and scanning tools, plus at least one of the following disciplines: (1) Threat and Vulnerability Management practices, (2) Performing risk assessments/analysis of IT internal controls or IT processes, (3) Enterprise Security Architecture.
Relevant industry certifications from organizations such as ISC2, ISACA, or SANS will be considered strong assets.
Knowledge and experience in using ISO 27000, NIST, and other applicable security frameworks.
Knowledge of network-based services, client/server applications, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure.
Understanding of security controls such as firewalls, proxies, SIEM, antivirus, encryption, Identity and Access Management, Vulnerability Scanning and/or Intrusion Prevention Systems.
Familiarity with GDPR is considered an asset.
Knowledge of or familiarity with manufacturing automation systems is considered a strong asset.