Security Analyst

About the Role The Analyst plays a vital role in assessing our customer’s Risks, Gaps, Vulnerabilities and Maturity. Under direction of the Service Lead and Vice President, Services, ISA’s Analysts undertake projects on an ad hoc basis or via a MSSP Retainer following the defined ISA methodologies, approaches and leveraging our templates/tooling. This individual will work to identify and correct flaws in the customer’s security systems, solutions, and programs while recommending specific measures that can improve the company’s overall security posture. Typical exercises include cybersecurity and AI Threat and Risk Assessments, Privacy Impact Assessments, Gap Assessments, Maturity Assessments, Development of Policies and Standards among other ISA Offerings About Us ISA Cybersecurityis a proudly Canadiancyberand AIservices and solutions provider. Trusted by over 500 clients from SMB to global enterprise, we empower organizations to safeguard their most critical assetsand adopt AI securely. Through our highly customizable Cyber 360and AI 360offerings, we deliver a comprehensive range of governance, assurance,engineeringprotection, detection,and response services for the public and private sectors. Backed by over three decadesof operational experienceand a vast network of highly specialized andcertified experts, weleveragecutting-edgetechnologies and AI to ensure that clients achieve their privacy,security, and businessgoals. Responsibilities - Assess customer risks, gaps, vulnerabilities, and security maturity across people, processes, and technology - Deliver security projects and MSSP engagements with moderate independence, following ISA methodologies, templates, and tooling - Conduct security assessments including Threat and Risk Assessments (TRA), Privacy Impact Assessments, Gap Assessments, and Maturity Assessments - Analyze findings to identify weaknesses in client security controls and recommend practical, risk-based improvements - Contribute to the development and maintenance of security policies, standards, methodologies and governance documentation - Execute assigned project and MSSP deliverables to meet quality standards, timelines, and client expectations - Apply governance strategies and service frameworks established by the Vice President, Services to ensure consistent service delivery - Follow project plans managed by internal project and program managers, escalating risks or scope concerns as required - Assist with the maintenance and management of any tools and technologies to be used to support the client - Collaborate with client project managers and technical teams to support successful project outcomes - Support MSSP operations by assisting the CIOC with engineering tickets and service requests when required - Deliver knowledge transfer and training to clients and internal team members on tools, methodologies, and security practices - Create and maintain accurate procedural documentation for security projects and MSSP services in collaboration with Service Leads Qualifications - Minimum of five years’ experience delivering security assessments, including Threat and Risk Assessments (TRA), Gap Assessments, Maturity Assessments, and Privacy Impact Assessments, as well as related services such as policy and standards development and risk management implementation - Degree in IT, Computer Science, Cybersecurity, or a related field - Strong understanding of industry frameworks such as ISO 27001/2, NIST CSF, CIS Top 18, and Privacy by Design - Thorough knowledge of current security threats, attacker techniques, and threat modeling frameworks such as MITRE ATT&CK - Solid understanding of modern security principles, techniques, and protocols - Expert knowledge of TCP/IP, common network protocols, and standards - Exceptional analytical and problem-solving skills, with the ability to identify strategic issues and make informed decisions - Ability to manage multiple projects simultaneously, prioritize tasks, and meet deadlines in a high-volume environment - Strong organizational skills, attention to detail, and the ability to work independently - Excellent communication and influencing skills, with a proven ability to drive change and collaborate across teams - Ability to maintain deep knowledge of security and networking infrastructure, including management and reporting requirements - Hands‑on experience with security systems, including firewalls, intrusion detection/prevention systems, antivirus software, authentication systems, and content filtering - Experience with network security, networking technologies, and monitoring tools for systems, networks, and security - Vendor certifications in tools such as Metasploit, Tenable, Qualys, or Rapid7 - Desirable professional certifications: - Security+ (SEC+) - Certified Ethical Hacker (CEH) - Certified Information Security Manager (CISM) - GIAC Security Essentials (GSEC) - Certified Information Systems Security Professional (CISSP) Why Join Us? At ISA Cybersecurity we lead with our "Why". Our Why is to make people feel safe. This not only applies to the result of services that we provide to our clients, but how people feel when interacting with us. Whether you're an employee of ISA or a client we want you to feel safe and supported. Each one of our team members is expected to uphold this leadership quality and embrace it through consistent demonstration of our core values of Explore, Persevere, Adapt and Uplift. We are proud to offer a variety of employee friendly programs that enable our team to perform at their best. Highlights of our programs and policies include - Flexible sick and personal days for all employees - Generous health plan with enhanced mental health resources and programs - Professional development opportunities and education reimbursement up to $2,000 annually for all employees - Maternity and parental leave top-up - Employee referral bonus of $2,000 - Competitive salaries complemented with RRSP matching and bonus programs - Distance remote working policy - LinkedIn Learning access for all team members We also place great value on celebrating the contributions of all employees through the following service recognition programs - Service anniversary recognition and generous five‑year milestone service awards - President’s Club recognizing special achievement awards: Team Member of the Year for Sales, CIOC and Cyber Services, the Rich Uhrich Founder’s Award that is nominated on by all employees and four President’s Awards (Risk Taker, Lost Without You, Money Maker and On the Rise) - Spot rewards providing opportunities for instant peer recognition Information‑sharing and team‑building initiatives include - Annual kick‑off meeting to communicate our strategic priorities - Quarterly town hall meetings - Regular team get togethers and client events - Scheduled employee feedback surveys and goal‑setting focus groups Thank you for your interest in joining ISA Cybersecurity. Our team looks forward to reviewing your application. We will be reaching out to you directly if your experience matches our needs. Vacancy Status This posting is for an existing vacancy Salary Range: $90,200.00 – $129,800.00 AI Disclosure: ISA Cybersecurity does not currently use artificial intelligence tools as part of our recruitment process. Accessibility ISA Cybersecurity is committed to providing accommodations for applicants with disabilities. If you require specific accommodation because of a disability or medical need, please inform ISA’s Human Resources team (peopleoperations@e-isa.com) so arrangements can be made for appropriate accommodation to be in place during the recruitment process. #J-18808-Ljbffr