Information Technology Security Analyst

Synopsis of the role

As our IT Security Analyst, this role requires a motivated self-starter. Someone who has strong analytical and problem-solving skills, a deep understanding of risk and compliance management principles, excellent communication and report-writing abilities, and knowledge of industry-specific regulations, standards, and frameworks. You are passionate about security and believe in due diligence. Responsibilities include but are not limited to:

What you’ll do

• Proactively identify and address system, network, and data to prevent cyber-attacks.

• Assess and validate security controls, while suggesting compensating controls to address vulnerabilities and control gaps.

• Collaborate with stakeholders to remediate application and infrastructure vulnerabilities.

• Conduct vulnerability penetration tests and security controls risk assessments.

• Facilitate information gathering and reporting for Internal and External Audit functions.

• Providing recommendations to the Technology Information Security Officer on the risks posture that are related to the Equifax Canada environment.

• Partnering with Technology on security engagements by opening front door requests and collecting evidence for projects.

• Support evidence collection for various security compliance frameworks, including NIST, PCI-DSS, ISO 27001, and SOC assessments.

What experience you need

• Minimum 4+ years in security and 2+ years of experience with the Risk assessment, application security and cloud security.

• Good understanding of technical security controls, secure coding standards and Hands-on experience with cloud such as GCP and AWS.

• Strong understanding of PKI, encryption standards, Microservices architectures, Kubernetes security.

• Experience with ServiceNow, Jira, and/or other reporting platform tools including creating workflows, dashboard creation, and optimization.

• Pays attention to team needs and pivots his/ her approaches accordingly to support the delivery of business value.

• Expert in ability to communicate to advanced Technical teams as well as brief management on technical risks and issues

• Exposure to audits like PCI, SOC, ISO 27001 and familiarity with common security frameworks NIST, COBIT, ITIL, ISO

• Proactive, detail oriented and able to work independently and efficiently

What could set you apart

• Passionate about Cybersecurity.

• Demonstrate passion continuous learning

• Bilingual ( french language is an asset)

• Previous experience working in cyber security and risk management at a large company

Primary Location:

CAN-Toronto-5700 Yonge

CAN-Montreal

Function:

Function – Security Governance and Compliance

Schedule:

Full time