The objective of the Information Security Analyst role is to protect data and information systems from unauthorized access and/or manipulation. This role is responsible for participating in the planning, coordination and implementation of security practices and technologies across various BCLC divisions and in network penetration testing, application vulnerability assessments and performing information security assessments to ensure the on-going integrity of BCLC’s systems and infrastructure
- Develops and implements system security procedures and standards based on industry best practices and commensurate with the sensitivity and security requirements of BCLC systems
- Completes information security assessments and recommends remediation plans for information security issues identified in the organization
- Participates in the Privacy Impact Assessment (PIA) process by providing input and recommendations pertaining to the protection of personal information
- Ensures that BCLC's information assets are adequately protected against unauthorized/accidental alteration, loss, disclosure or destruction
- Provides day-to-day monitoring of the integrity of systems and infrastructure components
- Performs operational duties such as detailed analysis of incident, vulnerability and logs
- Tests and analyzes malicious code, vulnerable software, security tools and patches
- Analyzes and identifies information security trends
- Provides maintenance and ongoing operation of security architecture for BCLC systems
- Provides information on system configurations, accounts and information security practices to auditors and regulators as directed by the information security management team
- Promotes information security and the services offered by the information security team throughout the organization
Minimum Required Qualifications
Education and Experience
- A degree or diploma in IT or equivalent in a related discipline
- Three to five years progressive experience in computing and information security
- Experience assessing and remediating security issues (experience should include network penetration testing, application vulnerability assessment, risk analysis and compliance testing).
- CISSP or CISM certification preferred
- CIPP/IT certification is desirable
- An equivalent combination of education and/or experience will be considered.
- Excellent oral and written communication skills, including the ability to write reports and document procedures
- Understanding of information security risk management, controls and compliance
- Excellent organizational skills with the ability to prioritize items
- Strong technical skills (Application and OS hardening, vulnerability assessments, security audits, networking, IDS, firewalls, etc.)
- Experience with security tools, such as SIEM, file integrity monitoring and database monitoring
- Excellent innovation in problem solving and analytical thinking
- General business acumen
- Proven ability to deal with sensitive matters with a high degree of tact and diplomacy
- Excellent ability to manage relationships at all levels with customers, leaders, contractors and team members to effect change.
If this sounds like you, please apply online to Posting #2012.185-40 Information Security Analyst.