
Information Security Analyst
City : Toronto
Category : See Posting
Industry : Financial Services/Government
Employer : Ontario Securities Commission
Information Technology Branch
Permanent, Full-time
File# 22-178
The Ontario Securities Commission (OSC) is the statutory body responsible for administering and enforcing securities legislation in the Province of Ontario. As a regulator of the capital markets, the OSC is working to safeguard the integrity of the Ontario securities markets. With the challenges of regulating today’s ever-changing, dynamic capital markets, the OSC continues to be an employer that offers exciting career opportunities.
We offer an inclusive, diverse, fair, and flexible work environment and take pride in our challenging and rewarding work.
Summary
The Information Security Analyst will design and implement security systems to protect the OSC’s compute environment, networks, and systems from cyber-attacks while helping to maintain a solid security posture. They will monitor systems, detect security threats ('events'), analyze alarms, and report on threats or intrusion attempts, taking the necessary remediation steps by either resolving the issues or escalating them to the appropriate owner. This role supports the Chief Technology Officer, Chief Information Security Office and the Manager – Technology Services in performing the project and operational work required for the OSC’s Information Security Program.
Key Duties and Responsibilities
- Management of OSC Compute, Network and System Security Activities
  - Monitor and take the necessary action on attacks, intrusions, unusual/unauthorized activity, phishing emails and spam activity.
  - Monitor and take the necessary action on identity and access management systems for abuse of permissions.
  - Investigate security alerts/breaches and provide the necessary incident response while providing recommendations to remediate the issue.
  - Proactively determine emerging threat patterns / vulnerabilities and identify potential weaknesses using advanced analytic tools and appropriate security controls.
  - Research and evaluate emerging cyber security threats and make recommendations on approaches and strategies to mitigate them.
  - Liaise with the Information Security Office and stakeholders in relation to security issues and to provide recommendations.
- Information Security Systems Implementation
  - Collaborate with vendors on the design of new or upgraded security systems.
  - Take accountability for the implementation of the OSC’s security systems or controls.
  - Work closely with vendors to resolve implementation issues as required.
  - Work closely with the Information Security Office and other stakeholders during the implementation of technology projects.
  - Work closely with Management on the procurement process to evaluate vendors and assess products based on defined requirements.
  - Test and evaluate new security products to assess alignment with the OSC ecosystem and make recommendations to Management.
- Information Security Standards/Procedures
  - Develop and maintain documentation for various security systems and applications.
  - Keep up to date with the latest security and technology developments.
  - Plan for disaster recovery and create contingency plans in the event of any security disruptions to normal operations.
Qualifications
- A relevant degree in Computer Science or a comparable field of study, or a certificate in Information Security (or equivalent experience).
- Industry certifications such as CISSP (Certified Information Systems Security Professional) or GISP (GIAC Information Security Professional) are preferred.
- A minimum of 7-10 years of relevant experience in IT security or information risk management.
- Strong knowledge of technology and security topics including network and application security, infrastructure hardening, security baselines, web server, and database security.
- Solid understanding of general networking principles and common protocols.
- Familiar with ISO/IEC 27000 family of standards for Information Security Management, NIST series of standards related to Information Security and Risk Management and other best practices for information security.
- Good working knowledge of various security technologies such as network and application firewalls, segmentation, policy management, proxies, web filtering, SIEM, endpoint protection, secure remote access solutions (VPN, SSO & MFA), anti-virus and security operations.
- Experience in vulnerability assessment scanning, secure code, and infrastructure security reviews for internal and external facing (web) applications.
- Experience with system development lifecycles (SDLC) and embedding security assurance into the planning, implementation, testing and deployment of solutions.
- Experience with Public Key Infrastructure (PKI) management.
- Experience with cloud security & integration (preferably Azure Cloud).
- Experience with Palo Alto Firewalls, PRISMA and related technologies.
- Experience with Azure Premium Firewalls, Network Security Group (NSG) and related technologies.
- Experience with Cisco switches and related technologies.
- Familiarity with some or all of the Microsoft Security set of products, and in-depth experience in at least 1 of the following: Azure Sentinel, Azure Security Center (ASC), Windows Defender Advanced Threat Protection (WDATP), Microsoft Cloud App Security Broker (CASB) Solutions - Microsoft Cloud App Security (MCAS) / Office 365 Cloud App Security (OCAS) / Azure AD Cloud App Discovery, Office 365 Advanced Threat Protection (O365 ATP), Office 365 Threat Intel (O365 TI), Azure Advanced Threat Protection (Azure ATP).
- Solid understanding of TCP/IP, BGP, OSPF and related protocol stacks.
- An understanding of the information security risks associated with various technologies and ways to manage them.
- Familiar with ITIL Change Management process.
- Analytical and problem-solving skills to identify and assess risks, threats, patterns, and trends.
- Strong oral and written communication skills.
- Excellent attention to detail.
- Teamworking skills to collaborate with team members and clients.
- An ability to work under pressure, particularly when dealing with threats and at times of high demand.
- Time-management and organisational skills to manage a variety of tasks/competing priorities and meet deadlines.
- Integrity and a passionate commitment to IT security as a profession.
Grow your career and make a difference working at the OSC.
Apply online by Monday, March 27, 2023, at 11:59 PM EST.
**Internal applicants: please apply using the Taleo profile created with your OSC email address**
We thank all applicants for their interest in the Ontario Securities Commission. We will contact those selected for an interview.
The OSC is committed to diversity and providing an inclusive workplace and providing accommodation in accordance with the Accessibility for Ontarians with Disabilities Act and the Human Rights Code. It is our priority to ensure employment opportunities are visible and barrier free to all under-represented groups including but not limited to, Indigenous, Black and racialized groups, people with disabilities, women and people from the LGBTQ2S community, to achieve an employee demographic profile reflective of the demographic profile of Ontarians.
The OSC is a proud partner with the following organizations: BlackNorth Initiative, Canadian Centre for Diversity and Inclusion, and Pride at Work Canada.
If you require an accommodation during the recruitment process, please let us know by contacting our confidential inbox HRRecruitment@osc.gov.on.ca.
Visit Accessibility at the OSC to review the OSC’s policies on accessibility and accommodation in the workplace.