Junior IT Security Analyst
Location Address: Hybrid – Office: Scarborough
Contract Duration: 1 year
Number of Positions: 1
Scheduled Hours: Monday to Friday, 9am-5pm
Extension Opportunity: Yes, based on performance and need
Story Behind the Need
• As part of Cyber Security Operations (CSO) department, the IT Security Analyst will be responsible for performing tasks aimed towards protecting and safeguarding the informational assets of the organization. The primary goal is to meet and exceed the agreed upon objectives, perform assigned tasks while maintaining a technical understanding of information security principles and best practices. This individual will report to the Senior Manager, Technology Assessments & Effectiveness, and will work as part of Cyber Integration & Automation (CIA) team.
Candidate Value Proposition
• The successful candidate will have the opportunity to work within a big 5 bank. We are technology partners who help the business transform how our employees around the world work. You will get to work with and learn from diverse industry leaders, who have hailed from top technology.
Typical Day in Role
• Identify security issues and risks, and provide recommendation of mitigation plans
• Govern the deployment of data security controls that mitigate and reduce the loss and exposure of Scotiabank’s informational assets.
• Conduct security control evaluation assessments, identify gaps, risks and milestones and work with various team to recommend possible solutions and mitigation controls.
• Conduct Data Loss Protection Assessment as part of TRAs (Threat Risk Assessment) on various new initiatives/Project, interpret architecture design documents, highlight risks and work with respective business lines to develop mitigating action plans.
• Recommend strategic security solutions and security control improvements specific to the enhancing of the identification of data security events.
• Lead projects and meet tight timelines while dealing with multiple business lines
• Provide Technical knowledge/support to automate processes within existing applications and/or other researched solutions
• Expand on threat scenarios and enable added monitoring/blocking to mitigate potential threats.
• Coordinate with application and business teams to enable protection services and provide guidance through knowledge of network architecture, domains, policies, and processes
• Ensure currency of support documentation, operational playbooks, and data catalogues
• Develop and manage policies and rules deployed as part of Data Loss Prevention program on various channels
• Enhance the detection of events involving the loss or exposure of informational assets by ongoing policy optimization and fine tuning.
• Providing advisory and technical knowledge to the development, implementation, and improvement of solutions to protect informational assets from loss or exposure.
Candidate Requirements/Must-Have skills
• 2+ years related field experience required
• Strong experience and detailed technical knowledge in Security Engineering, System and Network Security, Authentication and Security Protocols, Cryptography, and Application Security
• Experience in Risk Management with technical knowledge for Infrastructure Security best practices and controls
• Experience with Data Loss Prevention/Data Discovery tools, techniques, and frameworks
• Consistent implementation of security solutions
• Good knowledge of Domain Driven Design and multiple Java frameworks
• Build, automated integration, and deployment tools such as Maven and Jenkins
• Security – secure development principles, oAuth, infrastructure security, etc.
• HA Design/Architecture principles
• Mainframe systems architecture and design
• Experience with Database
Nice to Have Skills
• Working knowledge of major programming languages
• Experience of working with TOGAF or other Enterprise Architecture Frameworks and their application
• Cloud infrastructure, Docker, Linux OS, distributed Relational/NoSQL/NewSQL datastores
• Source Code Management Systems (GIT, Bit Bucket, SVN)
• Experience providing information for or working with management and internal audit
• Knowledge of the company’s security strategy, associated policies, platform specific standards and control objectives as they relate
• Excellent written, presentation, and verbal communication skills to be able to work well with technical peers and business stakeholders at different levels within the organization
• Ability to analyze complex situations and problems and do the necessary research using multiple sources of information to arrive at innovative solutions
• Ability to work as part of a team, as well as work independently or with minimal direction
• Good time management and organizational skills to effectively manage high scale project
• Post-secondary degree in a technical field such as computer science, computer engineering or related field required
Candidate Review & Selection
• 1st round interview – hiring manager + 2 technical team member (30 minutes)
• 2nd round interview – director + 1 team member (30 minutes)