Information Security Analyst

Position Title: Information Security Analyst

Department: Information Technology

Location: Toronto

Employment Type: Contract 12 months

Working Arrangement: Full-time, Hybrid

About Us

As a self-regulatory organization, the Canadian Investment Regulatory Organization (CIRO) is committed to setting high regulatory standards for the investment industry, safeguarding investors, and supporting the integrity of Canada's capital markets. Join a growing team and contribute to the dynamic and complex world of Canadian capital markets.

About this Opportunity

The Information Security Analyst will implement the information security program initiatives, administer information security systems, and assist with monitoring information security policy compliance. The Analyst along with the Information Security team will be developing the information security maturity of the organization as well as performing operational activities on implemented information security controls to ensure information security policies are being followed. The role will be responsible for various activities to build information security including developing appropriate documentation, building awareness, implementing technologies, and identifying information security weaknesses with the objective of protecting of CIRO information assets.

Core Responsibilities:

• Work with the Information Security team, businesses, vendors, and IT teams to ensure that corporate policies and procedures are being understood and followed

• Write procedures and technical standards to meet corporate policies and industry best practices

• Evolve corporate security policies and procedures to stay aligned with the security industry best practices

• Develop and improve internal processes to manage information security corporate wide

• Lead initiatives related to the remediation of security weaknesses or information security solution implementation while working with corporate wide businesses, vendors, and the IT team as needed

• Review technical configurations from various operating systems and security solutions (Windows, Linux, AD, VMware, IDS/IPS, FIM, SIEM, WAF, AV, endpoint encryption, etc.) to determine/enhance the parameters to meet industry-accepted hardening standards such as NIST, CIS, SANS, etc.

• Review security reports from various security technologies (vulnerability assessment reports, cyber security reports, audit reports, access privileges, etc.) to identify violations, intrusion attempts, or security weaknesses

• Provide recommendations and guide development and operations team to address security weaknesses and identify potential new security solutions

• Monitor the information security industry and be proactive with implementing appropriate information protection controls to mitigate risks on the latest types of vulnerabilities

• Conduct security product research and assess their appropriateness for the organization

• Produce report and presentation deliverables with attention on content as well as format

• Perform security incident investigations and document findings/root causes

What You Bring

Must-haves

• Post-secondary degree or equivalent education in computer science, computer engineering, or similar studies

• Information security certifications such as CISSP, GIAC, CRISC, etc.

• Previous experience of 4-6 years specifically in the information security industry preferred

• Working knowledge of industry security standards such as ISO27001/ISO27002, NIST, etc.

• Demonstrated experience working with security technologies

• Demonstrated experience with implementing internal processes to manage information security initiatives

• Working knowledge of network architecture with multiple layers of defense

• Working knowledge of application security vulnerabilities

Nice to Haves

• High attention to details and accuracy

• Results driven

• Self-motivated and able to work unsupervised

• Ability to take projects to completion from beginning to end

• Strong written and oral communication skills

• Strong analytical and problem-solving abilities with keen attention to detail

• Experience working in a team-oriented, collaborative environment

• Strong aptitude for learning

What we offer:

• Competitive total rewards program including performance-based bonus *

• Hybrid work environment

• Employer paid Health Benefits and Spending Account that offer flexibility to meet your individual or family needs as of day one*

• Defined Contribution Pension Plan with company matching that starts on your first day of employment*

• Paid flex days and wellness days*

• Maternity and Parental Leave top up *

• Paid continuous learning and continuing development including designations*

• • Asterisked offerings are not applicable to contracts

Why the Canadian Investment Regulatory Organization (CIRO):

Culture and Working Environment:

Life at CIRO is purpose and performance - driven. We foster an inclusive culture where teamwork, a forward-thinking attitude, and integrity are at the core of everything we do. This creates an environment where employees thrive, grow, and are empowered to learn and contribute their best.

Joining CIRO means becoming part of a dynamic and transparent organization that values accountability and is committed to maintaining the highest standards of regulatory oversight in the financial industry.

Our Commitment

CIRO is an equal opportunity employer and is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act, 2005 (AODA). CIRO will provide accommodation to job applicants with disabilities throughout the recruitment process. Should you require accommodation, please contact Human Resources.

We are committed to creating an inclusive and barrier-free recruitment and selection process across Canada. We welcome applications from all qualified individuals and are dedicated to providing accommodations upon request for candidates participating in all aspects of the recruitment process, in accordance with applicable human rights and accessibility legislation.

Our Recruitment Process

• This posting reflects an active vacancy on our team

• We use automated (AI) tools to assist with candidate sourcing and communications. Applications are reviewed by our hiring team and hiring decisions are made by people.

• This role has a hiring range of $77,647 - $95,917 with the placement and offered salary being based on knowledge, skills, education/training and experience, as well as external market conditions and internal equity.

While we appreciate receiving applications, only those applicants who closely meet the position requirements will be contacted. #LI-HYBRID #hiring