Information Security Analyst

Position Details

Position Information

Position Title Information Security Analyst Posting Number 01914SA Location New Westminster/Coquitlam Campus Grade or Pay Level S - Pay Level 16 + Market Adjustment Salary Range $73,371 annually (with wage increments to a max of $81,702 annually). Salary and wage increments are in accordance with the Collective Agreement. Position Type Support Staff - Regular Posting Type Internal/External Regular/Temporary Regular Employment Type Full-Time Posting Category Staff Start Date 10/16/2023 End Date Day of the Week Mondays to Fridays Shift See work arrangements. Work Arrangements
This regular full-time (35 hours per week) position is available starting October 16, 2023. Regular hours of work are Monday to Friday, between 8:00 am to 6:00 pm. This position is required to work a flexible schedule based on operational needs. Shift days and times may change depending on the Department's need. Occasional evening and/or weekend work may be required. The position is located at the New Westminster campus; however, successful candidate must be available for occasional work at the Coquitlam campus.
What Douglas Offers
DO what you love. Be good at it. That's how Douglas College defines a great career. It's a philosophy that resonates through our classrooms, our offices and our boardrooms. It inspires our students and drives us to make Douglas College one of BC's Top Employers. We love what we do. And we're looking for passionate, motivated people to join us in making one of Canada's best colleges even better.
The Role
To function as an information security technical specialist and to work with system administrators to ensure that systems are designed, implemented and maintained using accepted information security principles.

The position plays an important role in ensuring the safety and security of the College systems and data and the safety and security of our students, employees and other stakeholder data. The position works to protect the confidentiality of the College stakeholders' data and from potential financial and reputational losses related to identity theft.

The responsibilities include defense against coordinated cybersecurity attacks on the College by cybercrime gangs, attacks on individual users, and remediation of unsafe actions by individual users.

The duties may include design, implementation and maintenance of information security technologies and configuration guidelines for desktops, servers, and application systems from an information security perspective. The day-to-day activities will be a combination of operational and project work as well as developing and deploying new information security solutions.

Responsibilities

• Develop configuration guidelines needed to maintain security of College systems and data. The position will coordinate the implementation and verify the quality of the implementation:

•Cybersecurity configuration guidelines for desktops. Coordinates implementation of the guidelines by the End Point team. Verifies the implementation by reviewing and analyzing the status in various auditing tools. •Cybersecurity configuration guidelines for Windows and Linux servers. Coordinates implementation of the guidelines by the Infrastructure team and/or verifies the remediation by reviewing the status in various auditing tools. •Cybersecurity configuration guidelines for databases. Coordinates implementation of the guidelines by the Application Services team and/or verifies the remediation by reviewing the status in various auditing tools. •Cybersecurity configuration guidelines for application systems. Coordinates implementation of the guidelines by the Application Services team and/or verifies the remediation by reviewing the status in various auditing tools.

• Responds to cyber-attacks on the College by cybercriminals and cyber-crime gangs.
All steps involve research, analyzing and correlating various indicators from various sources relevant to the incident.

•Confirm a cyber-event as incident •Evaluate severity of the incident •Assemble Cyber Security Incident Response Team, when appropriate •Act as an Incident Response commander until relieved

• Ensures security of distributed work environment

•Implements tools necessary to ensure security of devices used outside of the Campuses •Performs audits of the security of remote devices and coordinates the remediation activities •Ensures that the best practices for device management configuration are followed

• Provide monitoring and remediation for cybersecurity incidents (All of the activities listed below will result in actions that requirecoordination of tasks to address identified issues by various CEIT employees, vendors, and sometimes non- CEIT College employees.):

•Review and action events reported by a log management system. •Review and action system alerts. •Run and review vulnerability scans. Recommend remediation strategy. Coordinate the remediation. •Investigate zero-day and vulnerability reports. •Investigate and work on a resolution to information security incidents. •Conduct information security assessments and reviews.

• Implement information security defense technologies and solutions:

•Research and recommend solutions •Research installation and configuration options and perform installations of software applications. •Lead projects and coordinate internal and external staff to implement solutions. Coordinate the implementation and validate the quality of the implementation.

• Remains current in the information security field

•Knowledge of securing networks, servers, workstations and applications •Configuration of firewall rule sets, IPS / IDS systems, and malware/virus detection systems

• Perform other related duties such as:

•Contribute to the planning and design of an enterprise business continuity plan and disaster recovery plan. •Participates in and analyzes security risk assessments for 3rd party vendors, cloud solutions and software systems •Monitor compliance with Douglas College information security standards, policies, and procedures by the College community, and act upon confirmed violations and deviations to ensure compliance. This may involve working with the individuals responsible for the violations, recommending and implementing steps to make the violations more difficult, or escalating the violations. •Train others on best practices in information security. •Conduct information security research.

To Be Successful in this Role You Will Need

•A bachelor's degree in Information Technology from a recognized post-secondary institution. •Information Security training, including education or equivalent experience that may include a subset of (or similar):
•Certificate, diploma, or degree in Information Security • CISA - Certified Information Systems Auditor • CISSA - Certified Information Systems Security Professional • CCSP - Certified Cloud Security Professional • SSCP - Systems Security Certified Practitioner • CSSLP - Certified Secure Software Lifecycle Professional • CAP - Security Assessment and Authorization Certification • SANS GSEC Security Essentials • SANS GCED Advanced Security Essentials •Other Information Security certification


•5 years or more of Information Technology experience. At least one year of Information Security training and experience.
Successful Information Security professional builds on a prior deep understanding of Information Technology and adds on top of it training and experience in Information Security. •A combination of education or equivalent experience may be considered. •Demonstrated knowledge of Information Security and ability to stay current in Information Security. •Demonstrated ability to lead projects •Demonstrated ability to lead people, especially in the absence of a formal reporting relationship. •Demonstrated ability to configure, administer, and monitor cyber defense technologies. •Demonstrated ability in scripting languages such as PowerShell. •Demonstrated ability to establish and maintain computer system specific documentation and operational procedures. •Excellent interpersonal and cross-cultural communication skills including written and verbal fluency in the English language. •Ability to communicate with employees at different levels of hierarchy and different levels of technical abilities. •Some understanding of virtual technology, backup methodology, Cloud, Microsoft Office 365, storage technologies, networking, Active Directory, database administration, application system administration, desktop administration, programming, scripting, logs aggregation and analysis, high availability and failover technology, etc. •Experience with writing technical documentation, including documentation related to Security Incidents Response, Post Incident Reports, etc. •Proven skills in:
•Problem-solving and analytical skills; •Organization, time management, and multi-tasking; •Interpersonal relationships; •Working effectively with others in a team environment; •Communicating effectively in person, on the phone, and in writing with all stakeholders; •Working independently with minimal supervision; •Establishing priorities and achieving deadlines.
•This position required sound judgment and adherence to confidentiality in the application of policies and procedures.

Link to Full Position Profile Equity Statement
Douglas College is committed to fostering a diverse, inclusive and equitable learning and working environment. In support of this journey, we welcome all people to apply, including people from groups that are experiencing inequity, including, but not limited, to Indigenous Peoples, racialized or persons of colour, persons with mental or physical disabilities, persons who identify as women, and/or persons of marginalized sexual orientations, gender identities and expressions, and persons of all faith identities, age, marital status, and parental status.
Needs a Criminal Records Check No

Posting Detail Information

Open Date 07/10/2023 Close Date Open Until Filled Yes Special Instructions to Applicant
Interested applicants must submit their application and all required documents online on the Douglas College Career Site www.douglascollegecareers.ca . Qualified internal applicants shall be given first consideration in filling the position.Please ensure your resume clearly explains how you meet the required knowledge, skills and abilities of the position for which you are applying. All candidates selected for interview will need to bring original certificates and diplomas of educational credentials noted on their resume.
Quick Link for Direct Access to Posting https://www.douglascollegecareers.ca/postings/11015

Category

Operations and Logistics