IT Security Analyst

Please refer to the How to Apply for a Job (for External Candidates) job aid for instructions on how to apply.

If you are an active McGill employee (ie: currently in an active contract or position at McGill University), do not apply through this Career Site. Login to your McGill Workday account and apply to this posting using the Find Jobs report (type Find Jobs in the search bar).

Position Summary:

McGill University is seeking a Information Technology Security Analyst to advise on and implement IT security controls in the area of Advanced Research Computing (ARC) infrastructure.  The position is integrated within the Calcul Québec organization, and the incumbent will join a vibrant team of IT professionals across several Quebec institutions. The team collectively develops, operates, and secures the systems and services that are essential to the success of Canada’s research community. It works with leading edge technology and operates supercomputers that consistently reach the Top 500.

McGill is a founding member of Calcul Québec, a consortium of Québec Universities whose objective is to provide advanced research computing (ARC) to the research community including HPC data centres at the leading edge of technology and highly qualified IT experts.  More than 600 research groups take advantage of the resources made available to them by Calcul Québec to conduct research in various fields. Calcul Québec is a Regional Partner of the Digital Research Alliance of Canada (DRAC), the non-profit organization in charge of coordinating national Advanced Research Computing (ARC) efforts.

Reporting to the Associate Director of Operations, the IT Security Analyst will work on a day-to day basis under the direction of the Calcul Québec Chief Information Security Officer. The incumbent will be responsible for ensuring that ARC Infrastructure and related services have a level of security that is adapted and compatible with the security requirements and expectations of the CQ member universities. The analyst will coordinate and work with various stakeholders to identify their security needs and plan, design, and implement of information technology security strategic solutions, technology, processes and practices to better meet these needs.

Accountable for developing IT architecture standards, including the implementation of the security program. Provide technical expertise, problem resolution and mentoring to a team of technical professionals responsible for IT technical solutions and services. Candidate is accountable for the suitability, reliability, stability and availability of IT technical solutions and services in this particular area of responsibility. The candidate will also be involved in selected national security initiatives in her/his field of expertise.

 

Primary Responsibilities

• Participate in the development of the security roadmap. Partner with the security experts in the McGill University IT and at ARC national level to drive security strategy and direction.
• Recognize and identify potential areas where existing security policies and procedures require change, or where new ones need to be developed. Develop and implement strategies that balance security recommendations with business needs.
• Identify, quantify, and provide recommendations for mitigating security risks and manage implementation dependencies with the security policies.
• Produce executive reports, including appropriate metrics that inform senior leadership as to the state of information risk and exposure and compliance. Evaluate and recommend security software/hardware and its integration into existing architecture (proof of concepts). Provide information security subject matter expertise to technology teams and projects. Manage response to security incidents (e.g. data breaches). Aggregate, correlate and analyze data.
• Provide guidance and recommendations regarding cybersecurity to Senior Administration, researchers, and staff responsible for information assets, software, and information systems.
• Implement and monitor security policies to meet security objectives of the systems and services.
• Review systems security operations and maintenance activities for security compliance or deficiencies and participate in implementing remediation.
• Engineer, architect and implement information technology and security solutions/infrastructure. Scope, plan, develop and deliver technology components under own responsibility, which meets or exceeds quality standards in accordance with planned budget and schedule.
• Work with vendors’ technical support staff as needed.
• Lead the security incident response process and provide detailed retrospective analysis/report.
• Monitor for new security events and lead the response as required.
• Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• Contribute to the development of security standards and norms to improve operations security.
• Mitigate or resolve vulnerabilities or risks and recommend security changes to system or system components as needed while managing the associated cybersecurity risks.
• Develop and provide training about security tools and processes.
• Perform forensic and investigation related activities.
• Attend operational and advisory committees and represent the unit at internal and external meetings.

Other Qualifying Skills and/or Abilities

• A minimum of three years of related experience.
• Expertise in the Linux environment.
• Expertise in security operations (for example backup, access control, auditing, AAA, etc.)
• Good knowledge of the various layers of the network and associated security technologies.
• Minimal programming capability (shell script, Python, C / C ++, etc.) for the development of security tools.  
• Knowledge and experience in the following areas are considered as assets:
  • Virtualized environments and cloud-like platforms.
  • Storage platforms and associated security techniques, data security, security operations and monitoring, forensic and security incident response.
  • High Performance Computing Concepts and understanding of services used in research activities.
• Security certifications are an asset: CISSP, CISM, CEH or CRISC, etc.

Other required skills:

• Excellent oral and written communication skills in both English and French.
• The ideal candidate will be a dynamic person, able to express leadership. 
• Demonstrated attention to detail in the level of work performed.
• Ability to work and communicate effectively with a distributed team in a collaborative environment across Quebec and Canada.
• Self-motivated, with strong organizational skills, able to effectively prioritize a wide range of responsibilities to effectively work with multiple concurrent tasks and priorities, so as to achieve successful outcomes and results. 
• Ability to work effectively and with little direct supervision to complete tasks.
• Able to work cooperatively with a diverse team of professionals, acting as a technical resource for others in the team, as well as to work together with other staff on projects of significant importance and value to the organization and to the clients we serve.
• Demonstrated ability to perform problem identification and perform issue resolution in a complex environment.
• Demonstrated aptitude for learning new technologies.

« Connaissance du français et de l'anglais: L'Université McGill est une université de langue anglaise où les tâches quotidiennes peuvent nécessiter une communication verbale et écrite en anglais.  Le niveau d’anglais requis pour ce poste a été déterminé comme étant de niveau #3 (qualificatif) sur une échelle de 0-4.»

“Knowledge of French and English: McGill University is an English-language university where day to day duties may require English communication both verbally and in writing. The level of English required for this position has been assessed at a level #3 (qualifier) on a scale of 0-4.”

Minimum Education and Experience:

Bachelor's Degree 3 Years Related Experience /

Annual Salary:

(MPEX Grade 05) $70,820.00 - $88,530.00 - $106,240.00

Job Profile:

MPEX-IST2I - IT Security - Professional 2

Hours per Week:

33.75 (Full time)

Supervisor:

Associate Director Operations

Position End Date (If applicable):

2026-12-31

Deadline to Apply:

2024-10-07

McGill University hires on the basis of merit and is strongly committed to equity and diversity within its community. We welcome applications from racialized persons/visible minorities, women, Indigenous persons, persons with disabilities, ethnic minorities, and persons of minority sexual orientations and gender identities, as well as from all qualified candidates with the skills and knowledge to productively engage with diverse communities. McGill implements an employment equity program and encourages members of designated groups to self-identify. Persons with disabilities who anticipate needing accommodations for any part of the application process may contact, in confidence, accessibilityrequest.hr@mcgill.ca.