Senior Security Analyst

one year salaried contract 94K-110K 3 weeks vacation 35 hr /week can opt in to pension contribution net new role -team expanding 3 x on site GTA two interviews - both onsite second round there is an assignment/presentation given ahead of time Mandatory: NEED ALL FOUR MANFATORIES as admin not USER only? PCI Splunk Crowd Strike Checkpoint Above as administrator, not user only Position Title: Security Analyst Reports To: Associate Director, Information Management RESPONSIBILITIES • Threat Monitoring: Continuously monitor network traffic, security alerts, and system logs to identify potential security incidents and vulnerabilities, with a focus on cardholder data protection. • PCI-DSS Compliance: Ensure adherence to PCI-DSS requirements, including maintaining compliance with all relevant standards and controls for handling and protecting cardholder data. • Incident Response: Respond promptly to security breaches or attacks, including investigating and analyzing incidents involving cardholder data, and implementing corrective measures to address any PCI-DSS violations. • Risk Assessment: Conduct regular risk assessments and security audits with a focus on PCI-DSS compliance to identify potential threats and vulnerabilities and recommend mitigation strategies. • Security Measures: Develop, implement, and enforce security policies, procedures, and best practices to enhance overall security and ensure PCI-DSS compliance. • Vulnerability Management: Perform regular vulnerability scans and assessments, addressing identified weaknesses in systems and applications, and ensuring compliance with PCI-DSS requirements. • Compliance Monitoring: Monitor compliance with PCI-DSS controls and procedures, including data encryption, access control, and network security measures. • Documentation: Maintain detailed records of PCI-DSS compliance activities, security incidents, investigations, and responses, and prepare reports for management and regulatory bodies. • Security Awareness: Educate and train staff on PCI-DSS requirements, security best practices, and organizational policies to promote a culture of security awareness and compliance. • Collaboration: Work closely with IT, development, and management teams to integrate PCI-DSS requirements into system designs and operational procedures. • Tool Management: Utilize and manage security tools and technologies, including firewalls, intrusion detection systems, and encryption software, to safeguard the organization's digital assets in compliance with PCI-DSS. • Engage with QSA: Collaborate with Qualified Security Assessors (QSAs) to ensure compliance with PCI-DSS standards, prepare for formal assessments, and address any identified gaps or recommendations. QUALIFICATIONS: • Bachelor's degree in computer science, Information Security, or a related field. • Relevant certification (e.g., CISSP, CEH, CompTIA Security+, PCI Professional) are considered an asset. • Minimum 5 years of experience in an Information Security role. • Minimum 5 years of experience with administration of various security products such as Palo Alto, CrowdStrike, Cisco ASA and Checkpoint, Microsoft Defender, Microsoft Purview and Symantec endpoint protection, Qualys and Tenable network and web application scanner, CIS benchmarks. • Demonstrated knowledge of and/or familiarity with standards and frameworks such as PCI-DDS, ITIL, COBIT, ISO/IEC 31000 series, ISO/IEC 27000 series, SOC 2. • Demonstrated experience in undertaking security threat and risk assessment using an industry recognized framework equivalent to the Harmonized Threat and Risk Assessment methodology. • Proven experience with LogRhythm or Splunk solutions. • Previous experience conducting IT audits considered an asset. • Threat Risk Vulnerability Assessment (TRVA) training. • Knowledge of current network, operating systems, hardware, protocols, and standards. • Excellent analytical skills • Demonstrated ability in solving I.T. issues, problems and possessing a sense of urgency. • Demonstrated integrity in dealing with information and issues of a highly confidential and sensitive nature.