This position is part of the Technology Infrastructure and Operations (TI&O) Group within Canada IT, reporting to the Senior Manager of IT Security and Risk Management. The Analyst position will be actively involved in security management, operational security and disaster recovery coordination. Role Summary Information Security ManagementAssist with information security activities that support the Canadian Firm’s information security program. · Ensure that the rules of use for information systems comply with the firm's information security policies.· Ensure that the administrative procedures for information systems comply with the firm's information security policies.· Ensure that vulnerability assessments are performed to evaluate effectiveness of existing controls.· Ensure that non-compliance issues and other variances are resolved in a timely manner.· Work with the Firm’s Global IT Security Group to ensure Canadian Firm security policies comply with global standards.· Provide IT Audit services through the entire Systems Development Life Cycle.· Produce security reports and metrics as required in a timely manger.· Assist with the operations and management of the firm’s Computer Security Incident Response Program (CSIRP).· Provide security guidance into the design and architecture of technology solutions.· Conduct Threat Risk Assessments as required.· Promote security awareness within the firm. Disaster RecoveryAssist with the development, management and maintenance of the Disaster Recovery Plan (DRP) for the Canadian Firm. · Update and maintain the disaster recovery plan as per the approved DRP maintenance process.· Conduct periodic reviews of the disaster recovery infrastructure.· Conduct disaster recovery test on a regular basis.· Ensure any changes or amendments made to the DRP are fully tested.· Keep Canada IT personnel informed of any changes to the DRP in so far as they affect their duties and responsibilities.· Assist with the execution of recovery plans when a disaster is declared.· Promote an awareness of the Disaster Recovery function and direction to our customers. Qualifications:EducationDegree - BA/BSc. or equivalent industry experience CertificationsCISSP preferredCISA, CISM, GIAC or other security certifications are desirable Experience4 - 6 years practical experience implementing, securing and supporting data network services and Internet based solutions within a large professional organization is required.Proven ability to manage multiple, concurrent technology projects and initiatives Technical & Analytical· Experience conducting vulnerability assessments· Security architecture design review· Anti-Virus and Spyware remediation· Intrusion Detection Systems (IDS) and/or Intrusion Protection Systems (IPS)· Familiarity with URL filtering technologies· Strong knowledge of Microsoft Windows operating systems· Working knowledge of Sun Solaris· Knowledge of LAN and WAN topologies· Familiarity with ISO 17799 Communication· Excellent communication skills - verbal, written, and presentation. · Proven ability to effectively communicate with clients, technical staff, senior management and vendors.· Ability to express complex technical concepts effectively, both verbally and in writing. |
