Information Security Analyst

**Marketing Statement**:
A career at TransLink and our family of companies means working with people with a wide range of skills and perspectives, all teaming up towards a common goal: preserving and enhancing the region's world-envied quality of life. Together, we connect the region and enhance its livability by providing a sustainable transit and transportation network, embraced by our communities and people.

At TransLink we are dedicated to building a workforce that reflects the diversity of the communities in which we live. We’re committed to fostering an inclusive, equitable and accessible workplace, recognizing the unique value and skills every individual brings.

Looking for a great place to work where your contributions are valued and you can make a difference in a vibrant city? At TransLink, one of BC’s Top Employers, you'll help make Metro Vancouver a better place to live, built on transportation excellence. Put your future in motion

**Responsibilities**:
PRIMARY PURPOSE

KEY ACCOUNTABILITIES

Maintains operational configurations of all in-place security solutions as per the established baselines and operates them accordingly. Provides tactical technical advice and consultation to business unit clients and project teams and assistance with the adoption of Cyber Security technology.

Uses security testing tools to proactively assess day-to-day risks and vulnerabilities in the IT network by detecting intrusions or security incidents by continuously monitoring sources (e.g. devices, antivirus solutions, identifiers (IDs), etc.); escalates validated security incidents that exceed the predetermined threshold to the incident response team; formulating incident responses and containment strategies

Reviews information system change requests prior to implementation to identify new sources of risk or elevation in the severity of currently identified risks. Monitors security vendor supplied security patches on all production devices to ensure they contain the most current security data.

Assists in the transition of new cybersecurity systems and devices from project to operations. Maintains the enterprise’s security awareness training program.

Collects, analyzes, and reports security service performance metrics to understand the security status of information systems, including services obtained from external providers, and identifying appropriate actions for improvement. Manages systems access authorizations by investigating improper access, revoking access, reporting violations, monitoring information requests, and recommending improvements

Monitors and maintains security tracking tools and associated databases and prepares reports and presentations on metrics and risk trends. Assists in creating daily, weekly, and monthly operational reports. Conducts security, vulnerability, and risks assessments related to the information security of the systems, networks, and related administrative activities. Develops reports and recommends mitigation strategies where necessary.

Contributes actively as a core member of TransLink Cyber Incident Response Team. Engages in security research in keeping abreast of the latest security issues for Cloud security controls (including SAAS and IAAS). Participates in the development and implementation of annual cyber security awareness campaigns.

Provides guidance on TransLink corporate cybersecurity policies to its employees and contractors. Leads and participates in cybersecurity investigations and audits. Assists with developing, documenting, maintaining and reviewing TransLink IT security operational standards and guidelines as required and provides recommendations for improvements. Assists with establishing and maintaining security incident response plans and procedures.

**Qualifications**:
EDUCATION AND EXPERIENCE

The competencies for this position would be acquired through a Diploma in Computer Science with emphasis on computing and networking infrastructure, plus five (5) years of progressive experience information systems support which includes 2 years in information security administration in a large, complex, multi-disciplinary organization.

OTHER REQUIREMENTS

Strong knowledge in information security guidelines, concepts and technical security controls

Strong assessment and problem-solving skills, including the ability to research, analyze, and interpret data and information from a variety of disparate sources.

Strong knowledge of information security principles, IT risks, compliance and security frameworks (NIST, ISO 27001/2, PCI etc.)

Proven experience with CASB and Cloud based logging and SIEM solutions

Strong written and verbal communication skills

Strong technical and non-technical documentation skills with an orientation for detail

Strong interpersonal skills including conflict management and mentoring

Ability to build relationships in a consultative and collaborative manner

Sound planning, organization, and time management skills

**Othe