Canadian Bank Note Company, Limited
CBN designs and builds secure information systems, identity documents and currencies for countries around the world.
Are you a skilled and experienced security professional with a passion for ensuring the highest standards of information security? Join our team as an IT Security Analyst, where you’ll play a pivotal role in safeguarding our organization's assets. In this dynamic role, you will be responsible for compliance evidence collection, SIEM setup and management, Technical Security Analysis and fostering collaborative efforts within our security team. You will draw on your real-world, industry experience and the knowledge from our broader team that will help facilitate your ongoing success. Although the role is primarily focused on operations, you’ll be engaged in cross-functional project deliverables and collaboration with other teams in delivering security solutions.
If you enjoy variety and think beyond your job description, you'll succeed here. As part of the team, you’ll facilitate and nurture our customers’ success stories. So, if you're looking for the chance to work for a global technology company, explore new career opportunities, and deliver exceptional work to your customers, we want to hear from you!
Key Responsibilities
- Compliance Evidence Collection and Gap Remediation
- Collaborate with Risk and Compliance personnel to gather evidence for Compliance requirements (SOC II, ISO 27001, PCI, NIST 800-53, etc.).
- Develop and implement processes for evidence collection, ensuring accuracy, completeness and timeliness in response to audit requests.
- Collaborate with stakeholders to address compliance gaps and implement corrective actions.
- Security Incident and Event Management
- Design, implement and maintain automated processes within the SIEM environment to enhance threat detection, incident response and log management.
- Collaborate with cross-functional teams to integrate security controls and enhance the overall effectiveness of the SIEM solution.
- Develop and maintain automated responses to common security incidents.
- Technical Security Analysis
- Monitor SIEM alerts and investigate security incidents to determine the root cause and appropriate remediation actions.
- Design, implement and maintain automated security processes to enhance efficiency and reduce response times.
- Prioritize and remediate identified vulnerabilities in collaboration with system owners and IT teams.
- Create and maintain documentation related to security policies, procedures and configurations.
- Collaboration and Communication
- Communicate security risks and findings to technical and non-technical audiences effectively.
- Build relationships with stakeholders across groups to understand needs and requirements and the associated notification process.
- Responsible for maintaining a high level of operational excellence for solutions and services.
Qualifications
Mandatory
- US Citizenship
- 4+ combined years of experience in an IT role
- 1+ years of experience in an IT Security related role.
- 3+ years of experience in an Operations related role.
- Experience with Enterprise Linux/Unix and/or Windows.
- Experience with two or more of the following technologies or categories:
- Vulnerability Management (Scanning, Reporting)
- SIEM - Network and Agent-based (Installation, Operation and Triage)
- Centralized Log Management
- Enterprise Linux/Unix based Operating Systems
- Experience collecting evidence for Compliance Frameworks (NIST 800-53, SOC II, ISO 27001, PCI, etc.).
Knowledge and Experience
- University degree or College diploma in Computer Science or related field is preferred.
- SANS, ISACA or GIAC certification is preferred.
- Experience with a GRC Tool is highly desired.
- Experience with Cloud Environments (Azure, AWS, etc.)
- Knowledge of Security technologies (Identity and Access Management systems, Multi-Factor Authentication, Encryption, ITIL Frameworks, and traditional perimeter and endpoint security technologies)
- Experience or participation in Open-Source communities/technologies is considered an asset.
- Experience in various programming languages is considered an asset (Bash, PowerShell, Python 3, Ruby).
Skills and Abilities
- Proficiency in Microsoft 365 Enterprise.
- Excellent communication skills (verbal and written)
- Can-do attitude, passion, and an out of the box mindset towards solving problems.
- High degree of personal confidence, enthusiasm, and drive.
We are an Equal Opportunity Employer. We’re committed to providing a work environment that is free of unlawful discrimination, harassment and retaliation based on race, religion, creed, color, sex, age, national origin, ancestry, sexual orientation, gender identity, veteran status or disability.