Information Security Analyst

**Description**

**Job Title: Information Security Analyst**
**Location: Mississauga, ON (Hybrid)**
**Reports To: Manager, IT Cyber and Information Security**

Just Energy and its subsidiaries are an equal opportunity employer. We are committed to building a workforce that reflects the communities we serve and to promote a diverse, inclusive, accessible, merit-based, respectful, and equitable workplace. We invite all interested individuals to apply.

**Who is Just Energy?**

**Job Summary**
As the Information Security Analyst, reporting to the Manager, IT Cyber and Information Security, you will foster strong relationships with business partners, including IT, internal audit, SOC vendors, and other compliance and risk stakeholders within Just Energy. In your capacity, you will effectively position your team to understand, articulate, and influence the IT Risk and Compliance (ITRC) strategy, plans, results, issues, and outcomes. As a project leader, you will frequently communicate with executives to represent and discuss IT risks and compliance positions, including consultation with the Manager of IT Cyber and IS. You will also lead efforts to govern, communicate, and educate staff on the adherence to risk and compliance policies, standards, processes, and procedures.

You will lead in a highly complex, fast-paced matrixed environment, with tight deliverable timeframes and multiple internal and external stakeholders to IT. We expect you to act independently and demonstrate strong initiative, influence outcomes, minimize and address conflicts, and demonstrate an in-depth understanding of risk management activities and business risks and control environments.

**Key Responsibilities**
- Identification of Information Security issues.
- Participate in the development of security architecture solutions.
- Monitor emerging security threats, along with evaluate and recommend mitigation strategies.
- Maintain necessary documentation to support security strategy by outlining the requirements and benefits of specific security tools and/or solutions.
- Document and communicate security incidents, vulnerabilities, and the current state of the system.
- Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
- Daily Scanning, Implementing, and maintaining information security tools and documentation
- Provide support to internal teams with security concerns
- Responsible for spam prevention and monthly vulnerability Scanning
- Responsible for updating Blocklists and Allow lists for our various in-house rules.
- Working with 3rd party companies to resolve spam complaints, and backlisting.
- Supporting the annual external audit
- Perform other duties as assigned
- Monitor information security requirements, policies, and compliance
- Document and communicate security incidents, vulnerabilities, and the current state of the system.
- Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
- Daily Scanning, Implementing, and maintaining information security tools and documentation
- Provide support to internal teams with security concerns and with security incident response
- Responsible for Spam Prevention and monthly vulnerability Scanning
- Responsible for updating block lists and allowing lists for our various in-house rules.
- Working with 3rd party companies to resolve spam complaints and black listings.
- Supporting the annual external audit
- Perform other duties as assigned
- Qualifications
- 2+ years of experience in Information Security, Cybersecurity, and advanced threat protection
- 2+ years of experience with Data Discovery and Data Classification strategies
- BA or BS degree in CS or IT preferred Computer Science or Engineering or related field.
- Experience with computer network penetration testing and techniques.
- Understanding of patch management with the ability to deploy patches promptly while understanding business impact.
- Working knowledge of the following IT Compliance, Standards, and Frameworks:

- National Institute of Standards and Technology (NIST) Security Standard
- Cybersecurity and Information Security
- Payment Card Industry Data Security Standard (PCI-DSS) requirement.
- Open Web Application Security Project (OWSAP) Top Ten Vulnerabilities
- Common Vulnerabilities and Exposures/Weaknesses
- ISACA -COBIT for Information Security
- Microsoft Windows Server/Workstation administration and security
- Application and Network Penetration Testing with one or more of these products (Rapid7, Veracode, Qualys Guard, Burp Suite, etc.)
- Administration/Security of Cisco Routers/Switches and other WAN/LAN/WLAN/VPN/Firewall Technologies
- Mcafee ePO, Solidcore, DLP (Devicelock), FIM (Cimtrak), DAM (Imperva), SIEM (Arcsight), and endpoint security management
- Working experience with the following tools - IDPS, MITRE, SIEM, SOAP, WS Security, PowerShell & Bash, and Python scripting

**Professional Ce