Career Opportunities | Career Profile | Career Alert | Help 

Sr. Security Analyst

 
 
 
 
 





Information Security Operations team is responsible for
• Control - focusing on the state of the security with compliancy testing, penetration testing, vulnerability testing, etc.
• Monitoring - focusing on events and the response with log monitoring, SIEM administration, and Incident Response
• Operational - focusing on the operational security administration such as Intrusion Prevention, advanced threat detection and intelligence, etc.

The Senior Security Analyst is responsible for the design, planning, testing, implementation, and administration of industry-wide accepted information security principles, practices, and information systems to ensure the protection of information assets processed, stored, or transmitted at the TMX Group Limited. Evaluate the effectiveness of information security solutions and processes in place, monitor for and identify security risks and exposures, determine the causes of security violations, assess, and implement procedures to prevent future incidents. Understand and provide assistance to system users relative to information systems security matters.

Key Accountabilities:

• Lead the implementation, configuration, and operation of information security technologies that are implemented across the TMX Group Limited
• Influences internal partners to ensure they build solutions consistent with the organization's planned policies, programs, architectural recommendations, and information security standards
• Manage requirements documentation, analyzes opinions, and proposes solutions that leverage resources for highly complex projects
• Support the ongoing security control processes within the enterprise which includes security technologies, networks, information systems, and endpoints.
• Assist in the design and implementation of resilient information security architecture and technologies for optimal threat protection, monitoring and incident response
• Analyzes threat and vulnerability feeds and analyzes data for applicability to TMX’s environment including the identification and resolution of false positive findings in assessment results, as well as perform compensating controls analysis and validate efficacy of existing controls
• Understanding of threat models, impact levels, and the different approaches and methodologies i.e. black/grey/white box testing
• Responsible for generating timely vulnerability assessment reports to management and stakeholders and facilitate remediation tasks for other operational teams
• Lead investigations of potential security incidents using forensically sound methods and techniques
• Lead security requirements and controls development initiatives ensuring the quality and timeliness in customer deliverables
• Develop innovative and secure solutions and provide guidance for TMX Group Limited stakeholders
• Work with security and IT stakeholders to implement a risk management program that allows for the identification and remediation of information security risks
• Develop and promote technical training to create information security awareness and aptitude within the organization
• Monitor and advise on information security compliance related to IT to ensure internal security controls are functioning appropriately
• Advise the organization about information security threats, technologies and related regulatory requirements
• Develop and implement information security metrics, measurement criteria and reporting to ensure compliance and continuous improvement
• Perform risk analysis of different solution options and propose security solution for the business problem that balances potential loss with the cost of the solution
• Works collaboratively with IT to identify actions needed as a result of Risk Assessment issues.
• Assesses information technology control elements to mitigate IT risks regarding the confidentiality, integrity and availability of business information
• Communicate the results of each Risk Assessment via written reports and oral presentations to management.

Skills and Experience:

Must Have Skills:

• University graduate degree in Computer Science or Engineering complemented by a degree or equivalent experience in Business Management
• The ideal candidate should have three or more years of hands-on Information Security experience
• Hands-on experience with commercial and open-source network and application security testing tools
• Excellent oral and written communications for the development of the security program, strategy, guidelines, policies, standards and for presentations to technical and non-technical audiences at all levels of the organization.
• Ability to build and work with multi-disciplinary teams to achieve goals and to meet deadlines in a fast-paced environment
• Works well under pressure and time constraints and can prioritize competing priorities appropriately
• Knowledge of PMI, ITIL, NIST, and ISO best practices and process improvement
• Strong business and technical acumen


Nice to Have(s):
• CISA, CISSP, CISM, ISO27001/27002, PMP or similar certification is an asset
• Knowledge of security risk methodologies and assessment framework is a plus
• Information security and cyber forensics
• Knowledge of Google, AWS, Azure and cloud security

Skills:

  • Intrusion Tools





* Add to favourites