Intermediate Information Security Analyst to conduct risk assessments and penetration tests for internal and external investigations
S.i. Systems
Vancouver, BC-
Number of positions available : 1
- Salary To be discussed
-
Permanent job
- Published on December 23rd, 2024
-
Starting date : 1 position to fill as soon as possible
Description
Our client is looking for an Intermediate Information Security Analyst to conduct risk assessments and penetration tests for internal and external investigations
Permanent position; Hybrid model (2 days/week), North Vancouver
Must Haves:
- 4-5 years as a Security Analyst with hands on experience in pen testing
- Experience with risk assessment
- Understanding of security frameworks and experience assessing against framework such as ISO 27001 or NIST
Nice to Haves:
- The ISO/IEC 27000 framework for building Information Security Management Systems.
- BC’s Freedom of Information and Protection of Privacy Act (FIPPA); and e-Discovery and Legal Hold trends and legislation.
- Familiarity with SOC and SIEM tools.
- Familiarity with third party audit reports such as SSAE 16, SOC 2.
Responsibilities:
- Gathering electronic evidence to support investigations, including extracting and interpreting systems log files and conducting computer forensics and mobile device forensics.
- Analyzing threats and assessing information security exposures to information and information technology systems.
- Performing regular pen tests and security tests on the client's Systems, as well as engaging third parties to perform regular pen tests
- Developing electronic investigation processes and procedures.
- Developing proactive monitoring rules, triaging alerts, and handling incidents.
- Recommending, creating, and updating corporate principles, policies, standards, and procedures related to information security.
- Consulting on corporate and divisional projects as an Information Security Lead, identifying information security risks, communicating with the business owners to establish impact, recommending treatment plans to remain within business risk tolerance, and tracking treatment plans through implementation;
- Collect information security metrics to monitor and enhance the information security program
- Work closely with non-technical stakeholders on the interpretation of electronic evidence and the creation and tuning of monitoring alerts.
Requirements
undetermined
undetermined
undetermined
undetermined
Other S.i. Systems's offers that may interest you