Senior Information Security Analyst

Job Description

Targray is a diversified multinational commodity and specialty materials company that markets a broad range of products and solutions for high-growth energy sectors. Established in 1987 in Montreal, Canada, our organization is a leading international provider of materials for solar and energy storage companies, and one of the largest physical traders and distributors of Biodiesel fuel in North America.

Targray has operations in 11 countries and over $1B USD in annual sales. In 2019, the company made its debut appearance on the FP500, Financial Post’s ranking of the top 500 corporations in Canada by revenue.

• Great Place to Work® | Best Workplaces in Quebec (2020)
• Deloitte | Best Managed Companies (2019 - 2022)
• EY Canada | Quebec Entrepreneur of the Year (2016)
• HSBC | International Business Award (2012)
• Profit 100 Fastest-Growing Companies in Canada (2006, 2009)

Job Summary

Reporting to the Manager- IT Infrastructure, the Senior Information Security Analyst is responsible for ensuring technology controls are sufficiently protecting business risk, and overseeing security standards, policies, and procedures. He / She will be playing a key role in threat monitoring, security data analysis and maintenance of EDR platform, DLP, VPN, SIEM and other security tools/solutions as well as analysis and promotion of best practices around server/application security and system log management.

Responsibilities

1. Develop and maintain employee security training program.
2. Manage and Maintain Cyber Secure Canada Certification including its renewal.
3. Implement vulnerability management policies.
4. Select and advise on applicable security standards and appropriate security technology.
5. Evaluate new security products and services and advise on their suitability and feasibility to meet Targray requirements.
6. Interface with technology vendors, to ensure that Targray acquires products and services that protect the confidentiality, integrity, and availability of Targray informational assets.
7. Monitor and manage security events.
8. Analyze and respond to security incidents.
9. Follow on newly discovered risks and identify risk owners and risk remediation options.
10. Conduct Threat and Risk Assessments of technology systems that support business units’ operation.
11. Conduct risk assessments of 3rd party vendors and solutions.
12. Support the transition of projects from development to production.
13. Policy review, SOP's creation for various process related to information security.

Requirements

• University or college degree in Computer Science or IT Engineering with focus on information security.
• 7+ years of IT experience, with a minimum of 5 years are in information security.
• Good Knowledge on ISO 27001, NIST Framework and privacy regulations like PIPEDA & GDPR
• Sound Understanding of M365 Security & Compliance Centre like DLP Rules, Sensitivity Labels, and Safe Links/Safe Attachments
• Previous hands-on experience with seven or more of the following security domains:
  • Security Policies and Standards
  • Security Risk Management
  • Identity and Access Management
  • Privilege Access Management
  • Anti-Virus platform hardening
  • Database hardening
  • Network and Web Application Firewalls
  • Application security
  • Secure code development practices
  • Remote access security / security tokens / multi-factor authentication
  • Digital certificates
  • Vulnerability Management (networks scans and patching)
  • Intrusion Detection and Intrusion Prevention (IDS, IPS)
  • Logging and Monitoring
  • Encryption solutions and Key Management
  • File and system integrity monitoring
  • Web content filtering
  • Email security
  • Wi-Fi security
  • Mobile devices security
  • Security Incident Response
• Good written and oral communication is required to describe technical concepts to both technical and non-technical audiences that may include staff from: project teams, project managers, engineering, architecture, IT operations, security, finance, third party vendors and others.
• Work well under pressure and time constraints and can prioritize competing priorities appropriately.
• Can work independently with limited supervision and direction.
• Can support the business when security questions or issues arise.
• Experience with monitoring tools.

Assets

• CISSP, CCSP, CISA, CISM, ISO 27001, or similar certification
• Knowledge of leading security standards, with a focus on NIST Cybersecurity Framework, ISO27001, ISO27002
• Comfortable with the security concepts of cloud computing environments
• skills with programming languages such as PowerShell, Python.
• Knowledge of Fortinet ecosystem

Benefits

• A competitive remuneration plan and an excellent working environment in a growing multinational organization.
• Beautiful, spacious and modern workplace environment.
• Flexible work arrangement policy.
• Generous company-wide profit-sharing plan.
• Off-site Team Building and experiential development.
• Life Insurance and Accidental Insurance for Self.
• Free Medical Insurance for Self and Family.
• Weekly Team Lunches.
• Gym Benefits.
• Corporate Team Fun Activities.

Diversity & Inclusion

Diversity and inclusiveness are at the heart of who we are and how we work. We are committed to fostering an environment where differences are valued, policies and practices are equitable, and our people feel a sense of belonging. We welcome and embrace the diverse experiences, abilities, backgrounds, and perspectives that make our people unique and help guide us. When people feel free to be their authentic selves at work, they bring their best and are empowered to build a better working world.