Position Title: Senior Cybersecurity Analyst
Location: Toronto
Duration: Permanent
Type: Hybrid (3 days onsite)

POSITION SUMMARY
We are looking for a highly skilled and motivated Senior Cybersecurity Analyst to safeguard the organization's digital assets and improve its security posture. The ideal candidate will have expertise in identifying, analyzing, and mitigating advanced threats and vulnerabilities, while working closely with internal and external stakeholders to implement cutting-edge security solutions.

KEY RESPONSIBILITIES:

• Identify Threats:
  Identify, evaluate, and report on advanced cybersecurity threats and vulnerabilities across the organization's IT systems. Conduct vulnerability assessments and collaborate with development teams to integrate security controls into application development and procurement processes.

• Monitor Security:
  Oversee the monitoring of vulnerability metrics and ensure the delivery of detailed security reports and dashboards. Enhance the Proactive Threat Management program and maintain a high standard of security monitoring.
• Reporting:
  Analyze key cybersecurity metrics and produce comprehensive security reports for senior management, highlighting residual risks, vulnerabilities, and security exposures. Lead incident response activities and provide reports on identified threats and mitigation measures.
• Vendor Management:
  Perform security risk assessments of third-party vendors, ensuring alignment with business priorities. Partner with internal teams such as Finance, Legal, and Security to manage vendor risks and ensure compliance with security standards.
• Project Management:
  Support internal and external audits, assist in the design and implementation of security controls, and oversee system vulnerability assessments. Provide security guidance on system configurations and new technologies. Develop and maintain the organizations Cyber Security Program in alignment with organizational goals.
• Technology Research:
  Conduct security research to stay informed about the latest threat landscapes and emerging security technologies. Lead initiatives to assess and implement new security solutions to improve the organizations cybersecurity infrastructure.

QUALIFICATIONS:

• 6-10 years of experience in an IT security function, particularly in risk management and security compliance frameworks.
• Bachelors degree in Information Systems or a related field.
• Strong analytical skills for identifying security threats and implementing appropriate controls.
• Experience with ITIL, NIST, or similar best practices for IT Service Management.
• Expertise in Enterprise Cybersecurity, Networks, Systems & Cloud Architectures, and Vulnerability Management.
• Relevant certifications such as CISSP, CISM, or CEH are preferred.
• Familiarity with incident response lifecycle and frameworks like MITRE ATT&CK.

MUST HAVES:

• Hands-on experience with cybersecurity frameworks such as ISO 27001, NIST, and other risk management standards.
• Strong communication and problem-solving skills, with the ability to manage multiple projects simultaneously.
• Expertise in vendor management and incident response.
• Nice to have: Experience with Azure and Microsoft 365 Cloud Security Architectures.

FSIN