Security Analyst

Department:
Enterprise Technology Services

Hours Per Week:
35

Compensation Range:
$85,158.00 - $106,434.00

Closing Date:
June 30, 2023

Note: Posting comes off at 12:00 AM on Closing Date, with competition closing at 11:59 pm day prior.

At the City of Leduc, our mission is People. Building. Community. We offer a collaborative and dynamic workplace where our values of Teamwork, Service, Respect, and Leadership guide our conduct and contribute to a healthy culture. If you would like to work as part of a progressive organization and enjoy a fast-paced environment, then this may be the opportunity for you.

Security Analyst

Permanent, full-time - 35 hours per week

$85,158.00 - $106,434.00 per annum

We are currently recruiting a permanent, full-time Security Analyst for our Enterprise Technology Services team.

About this Opportunity:
While reporting to the Manager, Enterprise Technology Services, the Security Analyst will support the design, implementation, and ongoing operation of information security services and all its tools at the City. It is responsible for leading the process of ensuring information assets are adequately protected with acceptable levels of control by monitoring, testing, and evaluating security assessments of systems and taking steps to design and implement remediation solutions.

Responsibilities include, but are not limited to:

- Manage the administration of all IT security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software.
- Collaborate with CITY/IT leaders, privacy officer, and Human Resources to establish and maintain a system for ensuring that security and privacy policies are met.
- Promote and oversee strategic security relationships between internal resources and external entities, including government, vendors, and partner organizations.
- Manage securing of all platforms and centralize security event management.
- Design, perform, and/or oversee penetration testing of all systems to identify system vulnerabilities.
- Maintain up-to-date baselines for the secure configuration and operations of all in-place devices, whether they be under direct control (i.e. security tools) or not (e.g. workstations, servers, network devices).and resolution of risk and compliance issues with appropriate stakeholders including [business, security, legal, IT, and customers].
- Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices.
- Classify and valuate enterprise data assets.
- Select and deploy appropriate best practices governance frameworks, such as NIST.
- Participate in risk assessments for new technologies and projects and develop strategies for risk mitigation.
- Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and IT disaster recovery.
- Conducts internal security risk assessments and security compliance audits; coordinates third-party audits.
- Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders including [business, security, legal, IT, and customers].
- Maintain up-to-date detailed knowledge of the IT security industry including awareness of new or revised security solutions, improved security processes, and the development of new attacks and threat vectors and related toolsets.
- Provide input for security requirements to be included in request for proposals (RFPs), statements of work (SOWs), and other procurement documents.
- Assess all City purchases that have security implications to ensure they support security and compliance mandates.
- Document security requirements and controls for protecting information, systems, and technology assets.
- Communicate current and emerging security threats to stakeholders.
- Develop and deliver risk awareness training for key staff and stakeholders.

Qualifications:

- University degree or College diploma in Computer Science or related field
- Certificate in IT or Cybersecurity related framework such as: ITIL, COBIT or NIST
- Project Management certification would be an asset.
- Minimum 7 years IT related experience
- Broad knowledge of firewalls, intrusion detection systems, anti-virus software, data encryption, and other industry-standard techniques and practices
- Experienced with penetration testing and techniques.
- Ability to identify and mitigate network vulnerabilities.
- Knowledge and applicable experience with different operating systems and security tactics
- Understand patch management.
- Experienced in installing security software and documenting security issues.
- Excellent analytical, conceptual, and critical thinking skills
- Excellent organizational skills with the ability to multi-task, manage time effectively, and handle tight deadlines.
- Excellent verbal and writt