IT Security Analyst

Why FirstOntario?

FirstOntario Credit Union is one of the largest credit unions in Ontario. We are a trusted co-operative financial intuition dedicated to providing competitive banking products and services and a quality Member service. More than 118,000 Ontarians choose FirstOntario for their financial needs - from chequing and savings accounts to loans and mortgages and highly qualified investment advice. Our Membership does more than save you money on fees, it also makes you an Owner. At FirstOntario, we believe the best way to ensure our success is by supporting the communities we serve. That's why our policies include volunteering our time, talent and resources to worthy local causes and events. It's also why we reinvest our profits in the same places they're earned, and why we sponsor programs that promote financial literacy and economic development.

Job Overview

The IT Security Analyst performs two core functions for the enterprise. The first is the day-to-day operations of the in-place security solutions while the second is the identification, investigation and resolution of security events detected by those systems. Secondary tasks may include involvement in the implementation of new security solutions, participation in the creation and or maintenance of policies, standards, baselines, guidelines and procedures as well as conducting vulnerability audits and assessments. The IT Security Analyst is expected to monitor computer networks and systems for security issues, and document any security issues or breaches, in line with the enterprise's security goals as established by FirstOntario's policies, procedures and guidelines and to actively work towards upholding those goals.

Role

• Participate in the planning and design of enterprise security architecture, under the direction of the Manager of IT Security.
• Create enterprise security documents (reports, baselines, guidelines and procedures) as required.
• Participate in the execution of an enterprise Business Continuity Plan and Disaster Recovery Plan.
• Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, new or revised security best practices and standards, and the latest attacks and threat vectors.
• Recommend additional security solutions or enhancements to existing security solutions to improve overall enterprise security.
• Deploy, integrate and configure all new security solutions and any enhancements to existing security solutions in accordance with standard best practices generally and the enterprise's security documents specifically.
• Maintain up-to-date security baselines for the secure configuration and operations of assets, whether they are under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
• Monitor all assets for compliance with security baselines, security documents, and enterprise policies.
• Maintain operational configurations of all security solutions as per the established baselines.
• Monitor all security solutions for efficient and appropriate operations.
• Review logs and reports of all assets, whether they be under direct control (i.e., security tools) or not (i.e., workstations, servers, network devices, etc.).
• Interpret the implications of that activity and devise plans for appropriate resolution.
• Investigate problematic activity and report the findings to the Manager of IT Security.
• Participate in the design and execution of penetration tests and security audits.
• Design, and execute vulnerability assessments and discuss resolution planning with appropriate stakeholders
• Provide on-call support for end users for all security solutions (ex. Blocked email).
• Monitor for IT and Security policy violation(s) and recommend corrective action(s).
• Participate in IT GRC and data governance activities to ensure accurate and valuable KPI/KRI data for reporting
• Monitor, Maintain, and respond to alerts of Physical Security solutions such as Camera System and Physical Access Control
• Execute and continuously improve quarterly programs and audits such as Security Awareness Training, Access and Permission Audit, User Account audit, etc.
• Perform other duties are required.
  
  

Required Skills

• College diploma or university degree in the field of computer science and at least 4-6 years of experience in an IT related role.
• One or more of the following or equivalent Security certification:
• CompTIA Security+
• GIAC Information Security Professional (GISP)
• Microsoft Certified: Security Operations Analyst Associate
• CAP, CISA, CCFP
• Associate of (ISC)2
• Experience with SEIM, Firewalls & data classification
• Experience with endpoint detection and response (EDR), CASB, IDPS and other security technologies.
• Demonstrated knowledge of security frameworks and standards such as MITRE, CIS, NIST, PCI, COBIT and ISO 27001.
• Experience with Varonis is an asset.
• Knowledge of VMware vSphere, vCenter and ESXI is an asset.
• Working technical knowledge of system vulnerability scanning and remediation.
• Strong understanding of OSI Model, IP, TCP/IP, and other network administration protocols.
• Strong understanding of Windows and Linux operating systems.
• Familiarity with core banking system related security.
• Proven analytical and problem-solving abilities.
• Ability to effectively prioritize and execute tasks in a high-pressure environment.
• Ability to conduct research into IT security issues and products as required.
• Ability to present ideas in a business-friendly and user-friendly language.
• Strong written and verbal communication skills
• Team-oriented and skilled in working within a collaborative environment.
• Lifting and transporting moderately heavy objects, such as computers and peripherals.
• Valid Driver's license and ability to travel to branch location as required.
  

Story

Our emphasis on service means we're constantly searching for new team members whose dedication to helping people is as powerful as their ambition to succeed. We're committed to providing professional development, and to extending employee activities beyond day-to-day operations to support the communities where we're located. Our people are the difference, it's a part of why we love coming to work.

FirstOntario is proud and privileged to be able to assist and touch the lives of so many in our communities.

• We believe giving back to our communities helps everyone.
• We believe in volunteering, active community support and participation.
• We believe in investing our profits back into the credit union and the community.
• We believe in finding solutions to help our Members and communities.
  
  

If this sparks your interest and you demonstrate high levels of integrity and credibility, we should talk. Check out our website for the full job description and prepare your cover letter and resume listing your experience, qualifications, and submit it online through our careers page on the company website.

We appreciate all who express interest; however, only those selected for an interview will be contacted. No phone calls please.

FirstOntario Credit Union will provide accommodations for persons with disabilities, where needed, to support their participation in our recruitment process.