Information Security Analyst

IKO Industries Ltd. is a market leader in the manufacturing of roofing and building materials. IKO is a Canadian owned and operated business with production facilities worldwide and has many years of unparalleled success in the roofing materials industry. Quality, integrity, and trustworthiness are the values that underlie this success, and we have built this company by hiring people who hold these values. People like you!
 

Job Description

Reporting to the Senior Manager, Information Security, we are currently looking for a passionate, inquisitive, detail oriented and customer focused Information Security Analyst to join our growing team. The Information Security analyst role supports existing infrastructure and applications portfolios and also works directly with key IT leads on new initiatives and project requests. This role is based fully onsite at our Mississauga, ON office location.

Benefits

• Health Insurance (includes Virtual Health, and HCSA)
• Dental Insurance
• Vision Insurance
• Life Insurance
• Long-term Disability
• Short-term Disability
• RRSP Match
• Paid Vacation
• Floating Days
• Employee Assistance Program
• Employee Engagement Events
• Awards and Recognition
• Tuition reimbursement
• Service Awards
• Employee Perks & Discounts

Job Responsibilities

• Provide day to day review analysis of the perimeter IT network trying to determine unauthorized access attempts, probes, pre-attack information gathering, network mapping and monitoring mail for unauthorized data extraction.
• Review server and network security logs for inappropriate activity/incidents such as large amounts of unauthorized data being moved or transferred or unauthorized access to financial or Executive data including emails.
• Participate in Business and IT initiated projects. Ensure that security requirements for the projects are defined and captured. Catalogue all security risks within projects, including those created within the proposed solutions.
• Manage or co-manage IT Security Operations.
• Provide security architecture expertise to the projects
• Participate in the ongoing development of Security Policy, Procedures and Guidelines.
• The incumbent must possess a strong client service orientation and a desire to help the business meet their objectives.

Specific Accountabilities

• Research the latest information technology (IT) security trends
• Communicate impact of security risks to IT and Business stakeholders
• Develop and refine security processes, standards, and best practices for IKO
• Recommend security enhancements to management or senior IT staff
• Review projects for security gaps and recommend potential remediations
• Perform day-to-day troubleshooting and support of in house built and procured production systems
• Develop/update materials for training end/key users; i.e. appropriate system process documentation, procedures and / or work instructions
• Identify continuous improvement opportunities
• Interact with vendors and review their products/ solutions for security effectiveness
• Liaise with internal/ external auditors to address security gaps and work with IT/ business owners to close gaps
• Coordinating and reviewing Disaster Recovery tests and scenarios
• Developing and maintaining Business Continuity Planning
• Provide security scans of internal computer networks to search for unauthorized devices, detect suspicious activity, such as inappropriate printing of files from key IT systems.
• Provide scans to detect the emailing of large attachments to personal email accounts, inappropriate employee communication with suspicious persons, suspicious clearing of system audit logs, information leaks, IT sabotage-specific detection and to identify inappropriate access or transmission of sensitive data or use and presence of hacking tools.
• Support the preparation of incident response plans
• Review and recommend approval for sustainment adjustments as a result of remedial actions for risk reduction
• Remain operationally current for all key and critical IT systems and networks to ensure investigations are necessary, core operational competencies and skills will improve and ensure that the full range of potential root causes are explored without putting at risk the continued operation of the system or network.
• Conduct complex and technical IT investigations and address general queries regarding recovery, authentication, and analysis of electronic data when an investigation involves issues relating to reconstruction of computer usage, examination of residual data, and authentication of data by technical analysis.
• Conduct IT security threat and risk assessments related to key and critical IT systems and networks as it relates to internal or external threats.
• Complete detailed investigative reports outlining the key elements, evidence collected, findings and recommendations regarding IT security investigations.
• Aid physical security relating to Cyber asset security by identifying critical cyber related devices and determine IT system relevance.
• Conduct IT Data and Cyber Security awareness programs through presentation and education.
• Provide support to project and compliance teams with regards to Cyber Security related tasks and activities.
• Perform other related duties as assigned

Qualifications

• 5-8 years in a Cyber Defense Operations / SOC team
• 5-8 years’ experience with SIEM/Logging technologies (IBM QRadar, ArcSight, Splunk, Elasticsearch, etc)
• 5-8 years’ experience analyzing vulnerability data, running VA scans (Nessus, Qualys, IP360, etc) and managing findings using a risk-based approach
• 5-8 years’ experience working hands-on with Offensive Security tools (Metasploit, Burp Professional, Kali Linux, Nmap, crackmapexec, Bloodhound, Responder, PowerShell Empire, etc.)
• 5-8 years’ experience working hands-on with IPS and APT prevention technologies in an administrative capacity (Tipping Point, Deep Discovery, Carbon Black, Crowdstrike, Checkpoint, Palo Alto, FireEye, Lastline, etc)
• 5-8 years’ experience in a Cyber Security Incident Response, Analysis & Triage related role
• CISSP certification considered an asset
• Strong analytical and communication skills are required
• Knowledge of PCI and ISO27000 standards
• Experience in policy exceptions, including working directly with the teams to document exceptions, identify compensating controls and remediation action plans.
• Ability to present complex information clearly and concisely to different levels and teams within the organization (written and verbal)
• Ability to document Information process flows and modelling
• Ability to handle multiple priorities; changing course and direction as needed
• Bachelor's Degree in Information Technology, Computer Science, or another business-related field is preferred.
• Must be able to travel freely across North America and Europe 

#LI-SM2

Benefits of Employment: IKO recognizes that its success is due to the strength of its employees. A primary goal of IKO is to promote individual employee's sense of accomplishment and contribution so that employees enjoy their association with IKO. The Company invests in its employees so that they are the most knowledgeable in the industry, and undertakes great efforts to nurture loyalty to, and teamwork at, IKO. We are pleased to offer competitive compensation, health care, a progressive and challenging workplace and a commitment to teamwork and integrity.
 

Diversity and Equal Opportunity Employment: IKO Industries Ltd. is an equal opportunity employer. We are committed to diversity and inclusion and are pleased to consider all qualified applicants for employment without consideration to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, veteran status or disability. IKO Industries Ltd. encourages and welcomes applications from people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the selection process.