Information Security Analyst Advisory

Requisition ID: 154849

Join a purpose driven winning team, committed to results, in an inclusive and high-performing culture.

**The Team**

Today’s organizations' rising attack surface area means that more data requires to be monitored to gain the necessary visibility. On top of this, remote work, and fast-moving anomaly-based attacks have made automated response a huger priority. Information Security Analysts are responsible for improving the overall security posture of the organization. They evaluate, test and document security solutions and controls, and work closely with other security team members to remediate risk while ensuring the business is able to innovate. Information Security Analysts must continually adapt to stay a step ahead of cyber attackers and stay up to date on the latest methods attackers use to infiltrate computer systems. Analysts in this role are expected to consistently learn and grow. This is not a passive career opportunity, but rather one that requires a passion for security and rigor to protect the business. Information security analysts collaborate with internal and external audit and exam teams, along with technology management and business stakeholders.

**The Role**

Reporting to the Senior Manager (Security Research), the role contributes to the overall success of the Information Security & Control (IS&C) team by delivering specific information security research goals, in support of Scotiabank Group’s Information Security strategies and objectives.

The Security Research team performs research, analysis, assessments and Proof of Concepts which allow for educated decisions in support of information and cyber security objectives - within the context of Bank’s overall business objectives. The incumbent is expected to be capable of obtaining a solid understanding of the Bank's information technology, including operations, hardware, software, telecommunications, cryptography, biometrics etc. The Senior Information Security Analyst (Security Research) must be able to perform research evaluations to gain an understanding of very complex and new security technologies and their applicability to the Bank. This requires the ability to acquire both a broad technical knowledge, and a grasp of business and technical implications of existing and new security technologies. Minimum of 2 years of practical experience in Information Security is a pre-requisite.

**Do you have the skills required for the Role?**
- Perform the research and evaluation of emerging and breakthrough security technologies through analysis, developing and updating documentation, writing and executing test cases and producing completion reports (e.g., technology briefings, white papers, functional evaluations, etc.) in line with Bank’s research and security requirements.
- Execute and manage PoCs, PoVs, Production or Non-production Pilots for a variety of security technologies, products and/or services (e.g., Identity & Access Management (I&AM), Cloud security, container security, Intrusion Prevention Systems (IPS), etc.), in partnership with various IS&C and across the Bank’s stakeholders.
- Participate in security technical projects by managing projects in its entirety (project ownership) or by performing a supporting role in new and/or existing IS&C and across the Bank’s engagements.
- Provide a high-quality service by consistently understanding our client's needs and providing security solutions that meet or exceed expectations, while at the same time ensuring that the Bank's information and systems continue to be protected.
- Continuously acquire, consolidate and analyze information security information from various sources; maintain an awareness of existing and new security technologies and industry trends; assess the potential impact to the Bank's current and future Information Technology and Information Security initiatives and operational processes. Information Security Analyst Advisory
- Provide support in addressing audit (findings) requests to adhere to regulatory compliance.

**Must Haves**:

- At least 3 years of information security or computing systems experience.
- At least 2 years of experience with Cloud security, container security, Intrusion Detection/Prevention Systems (IDPS), authentication, Enterprise Detection & Response (ED&R), incident response, security administration, operations and end-user consoles (and related.
- Ability to effectively communicate business risk as it relates to information security.
- Knowledge of risk assessments that protect the business and adhere with compliance and privacy laws.
- At least 2 years’ experience of computing platforms including Windows, OSX, Unix (Linux), networks and endpoints.
- Understanding of vulnerability and penetration testing.
- Experience with project management.
- Ability to effectively communicate business risks as it relates to Information Security.
- Good organizational and time management skills to be able to effectivel