Cybersecurity Analyst

Description:

Cybersecurity Analyst

HELP SHAPE THE FUTURE OF CANCER CARE IN CANADA 

The Canadian Cancer Society works tirelessly to save lives, improve lives and drive collective action against cancer. Together with patients, volunteers, donors and communities across the country, we raise funds to invest in transformative cancer research, we provide a caring support system for everyone affected by cancer and we advocate to governments to create a healthier future for all. It takes a society to take on cancer – and the Canadian Cancer Society is leading the way

MAKING AN IMPACT

Reporting to the Sr. Manager, Enterprise Infrastructure, Cloud and Security, the Cybersecurity Analyst is in charge of ensuring the cybersecurity posture of the Canadian Cancer Society (CCS) is comprehensive, up-to-date, robust, regularly tested, and monitored. In addition to supporting the Sr. Manager with security planning, this role requires a deep and broad technical background in configuring, implementing, managing and monitoring a wide range of cybersecurity solutions. This role sits within the Digital Strategy and Technology department and works closely with Infrastructure, Cloud, and external security partners.

Ensuring cybersecurity best practices are documented and followed, and CCS’s user community is well coached and provided with a robust cybersecurity awareness program, all while continually assessing and improving CCS’s nationwide cybersecurity posture, will be key to the success of this role.

What You’ll Be Doing

 Security Operations & Incident Response 

Maintain, update, test, and monitor security solutions, including daily checks and rapid action to security alerts 
Actively monitor and research cybersecurity threats and take appropriate remedial action 
Maintain and update IT security policies, documentation, and best practices 
Actively review cybersecurity incidents, tickets, and tools to identify and mitigate trends and threats 
Participate in vulnerability management process 

 Security Governance & Awareness 

Maintain and improve an organization-wide cybersecurity awareness program with measurable KPIs 
Produce ongoing security reporting including KPI benchmarks, threat assessment and remediation measures taken 
Regularly stay informed of emerging threats, discovered vulnerabilities, and advancements in threat detection, mitigation, and defence, and proactively communicate these developments to ensure the organization adapts to the evolving threat environment 

Advisory, Support (tier 2-3) & Continuous Improvement 

Provide advanced technical investigation, escalation handling, and resolution for cybersecurity related incidents and tickets, ensuring timely remediation and alignment with security best practices 
Evaluate and assess potential new technology solutions for compliance with cybersecurity guidelines 
Collaborate with Digital Strategy and Technology teams to investigate and/or remediate cybersecurity vulnerabilities and incidents in a timely manner 
Actively monitor for cybersecurity incidents and threats, generate tickets for and contribute to remediation as required 
Support end users on their daily Cybersecurity request including evaluating anew applications and provide feedback on user’s security scores and reports 
Contribute to our culture of diversity, inclusion, belonging and equity (DIBE) by ensuring that all staff feel represented, valued, and heard across all aspects of their identity, including gender, age, religion, ethnicity, nationality, race, and sexuality.
Other duties as assigned

Qualifications

A technology university degree (bachelor) with equivalent experience or an equivalent combination of education, training and experience or equivalent professional valid certificate. 
Minimum of 3 years of experience in developing, implementing, managing, and monitoring IT security solutions in a complex, geographically distributed environment.   
Broad and deep knowledge of various Cisco, Microsoft, Meraki and Fortinet products and solutions, including Firewalls, email content and spam filtering, DNS filtering, secure authentication and remote access solutions (VPN, SSO, and MFA), endpoint patch management, EDR/XDR, SIEM, SOC, DMZs, pen tests, vulnerability assessments and securing O365 internally and externally. 
Exposure to and knowledge of; IT security solutions, concepts, and trends including IPS/IDS, NAC, incident response plan development, endpoint encryption, cloud security, CASB, ethical hacking and mobile device security solutions. 
Exposure to and knowledge of; cybersecurity solutions, concepts, and trends including IPS/IDS, NAC, incident response plan development, endpoint encryption, cloud security, CASB, ethical hacking and mobile device security solutions. 
Significant knowledge of; Microsoft products and platforms including Active Directory, Azure and Office 365, Exchange Online, Windows Server, WSUS, Hypervisors, monitoring software, VLANs, Cisco products and services, PowerShell, and backup and recovery technologies.   
Nice to have software coding experience, knowledge of coding structures and query languages (SQL, KQL) and exposure to automation tools like Power Automate as well as reporting tools such as Power BI. 
Results-oriented with proven critical, evaluative, problem-solving and strong follow-through abilities. 
Proven ability to set priorities, complete work with minimal supervision, meet deadlines, adhere to CCS procedures consistently and accurately.   
ITIL Service Delivery qualification is desirable.   
Knowledge and experience with compliance of regulations such as PCI-DSS,PHIPA, and PIPEDA is desirable. 
Excellent customer service and people skills 
Strong critical skills with keen attention to detail 
Ability to handle sensitive information with compliance to privacy and high ethical standards 
Excellent communication skills, exceling at clear, concise writing across various formats, adapting style for both technical and non-technical audiences 
Highly comfortableworking in a team-oriented environment 
Willing and able to periodically work outside of regular hours, including checking notifications during weekends and holidays (This role participates in an on-call rotation and may require after-hours work during security incidents or critical maintenance.) 
Bilingualism (French/English) is highly preferred, with French being an asset due to the organization’s nationwide operations and the need for effective communication across various regions.
Others may apply