Information Security Analyst 

Position Summary

Reporting to the Sr. Information Security Analyst, the Information Security Analyst will contribute the City of Richmond Hill's information security program and will be assisting in the delivery of information security initiatives to ensure the program aligns with industry standards. The Information Security Analyst will conduct information security risk assessments, vulnerability assessments, manage information security technology solutions and will provide guidance to City project teams and business units to identify, assess and mitigate information security risks. The Information Security Analyst will investigate and respond to information security incidents and coordinate with appropriate stakeholders to contain, eradicate and recover from cyber incidents. 

Key Duties and Responsibilities

• Monitor and analyze security events using SIEM and other monitoring tools. Assist in the development and tuning of detection rules and incident response playbooks.
• Investigate and respond to information security incidents. Perform forensic analysis and root cause analysis.
• Contribute and support the information security risk management practice including conducting security risk assessments and vulnerability assessments. Provide clear risk mitigation recommendations and support remediation efforts.
• Provide consultation and guidance to internal stakeholders as well as serve as the information security subject matter expert (SME) to embed information security controls within projects and initiatives. 
• Contribute and maintain a documented framework of continuously up-to-date information security policies, standards and guidelines. A key component as well is managing the IT Security Awareness Training Program to help empower the City of Richmond Hill staff with knowledge and tools and ensure that staff are well versed with how to do their part in protecting company assets as well as helping to develop a risk awareness culture.
• Implement, manage, operate and maintain information security technology solutions to identify, mitigate and response to security threats impacting the City's environment. 

Duties and Responsibilities Cont'd (if applicable)

Education and Experience

• Bachelor’s Degree in Computer Science, Information Security or other related field or equivalent work experience
• Security Certifications: CISSP, SSCP, GCIH, OSCP, CEH, GSEC and/or Security+
• Cisco Certification, Microsoft Certification, Red Hat Certification and VMware Certification are considered assets
• 5 Years Information security or cybersecurity work experience with a board range of exposure to systems security, network security, application security as well as experience implementing and managing security solutions.

Required Skills/Knowledge

• Experience in security standards such as ISO 27001, 27002, 27005; NIST; CIS; PCI-DSS;
• Hands-on experience with implementing, maintaining and operating security tools including:
  • Network Firewalls and Web Application Firewalls
  • Network Security Tools
  • Security Incident and Event Management (SIEM) systems
  • Vulnerability and Penetration Testing Tools
• Familiarity with MITRE ATT&CK Framework and OWASP Top 10 
• Strong knowledge of networking, operating systems (Windows, Linux), and security protocols.
• Extensive knowledge of security technology and risk assessment methodologies, policies and processes.
• Must have experience implementing and assessing security in a cloud hosted environments.
• Ability to manage and prioritize responsibilities through the effective use of time management and organizational techniques. 
• Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate information security and risk-related concepts to technical and nontechnical audiences.
• Strong analytical and problem solving skills
• Superior oral and written communication skills 
• Excellent interpersonal and collaboration with a proven ability to successfully deal with complex issues working within the context of cross-functional teams
• Results-oriented critical thinker with excellent time management and organizational skills 
• Must be available to work evenings, flex shifts, on-call/standby, extended hours and statutory holidays when required.
• Must be and willing and able to transport yourself to City work sites as required (mileage compensated).  
• Requires satisfactory Police Records Check
• Demonstrates good judgment and makes sound decisions
• Shows commitment to personal growth, development, and leadership opportunities
• Shares new ideas and challenges the status quo
• Proven written and verbal communication skills with the ability to communicate with honesty, openness, respect, and trust
• Takes initiative to participate in a culture of learning, mentoring, and sharing
• Contributes to building and being a part of a positive culture
• Demonstrate the City’s corporate values of care, collaboration, courage and service

Leadership Competencies