Cybersecurity Analyst

at  GieseckeDevrient

JOB SUMMARY

The position is responsible for ensuring that G+D Canada (Markham and Dorval) complies with all applicable industry, client and company Information Security requirements, policies, and procedures. The Cybersecurity Analyst will collaborate with other members of the local Security department, with all other colleagues at G+D Canada and colleagues within various regions and Munich head office.

QUALIFICATIONS, EXPERIENCE AND EDUCATIONAL REQUIREMENTS

Work Experience:

• One or more relevant industry certifications – e.g., CISSP, CISA, CRISC, CEH.
• Experience in the administration of Information Technology infrastructures such as servers and firewalls
• Experience in performing vulnerability assessments using Qualys Cloud Platform
• Strong Microsoft Office skills, including Excel, Word, PowerPoint, and Visio
• Strong English communication skills required (written and verbal) with French an asset.

SKILLS AND COMPETENCIES:

• Previous experience with vulnerability scanning tools.
• Proficient with Excel, Word, PowerPoint, and Acrobat Adobe Pro
• Excellent investigation and communication skills
• Ability to clearly capture and articulate details for reporting.
• Open to constructive feedback and structure performance management

EDUCATION:

• Minimum 2 yrs. post-secondary education (e.g., Community College) in the field of Information Technology or Information Security and/or five years’ experience in an Information Security role

PHYSICAL REQUIREMENTS

• Significant amount of walking throughout facilities

PRIMARY RESPONSIBILITIES

• Ensure that the company’s Information Security controls are relevant, properly documented and maintained for ongoing recertification and governance activities with a primary focus on Payment Card Industry Card Production and Provisioning (PCI CPP) Logical Security Requirements, G+D guidelines and policies and the security requirements of G+D’s clients. Ensure the business maintains appropriate, demonstrable, auditable, and coordinated security procedures and practices that are compliant with related laws, regulations, policies, and professional standards.
• Coordinate external audits, including the completion of security questionnaires and related pre-audit and post-audit activities. Manage the maintenance of facility security certifications and related compliance and governance activities. Maintain G+D Canada’s Security Risk Register, tracking security requirements and nonconformances while working with the appropriate stakeholders to track progress and close audit findings.
• Perform internal network vulnerability scanning, including wireless scanning, in accordance with payment industry and G+D requirements. Monitor and review firewall configurations to ensure ongoing compliance with network architecture and change management security requirements.
• Perform internal Information Security audits utilizing G+D’s assessment and risk reporting methodology. In a collaborative manner, assist the managers and supervisors of affected departments regarding security concerns and opportunities for continual improvement.
• Monitor and investigate the output of SIEM and DLP systems and develop local reports as necessary to keep management apprised of information security threats and active attacks, incident response and follow-up activities. Provide constructive feedback to the global SIEM team to support their efforts in producing effective and accurate alerting and reporting.
• Plan and coordinate the external penetration test, vulnerability assessment and internal scan process, including remediation tracking and reporting as required.
• Perform Information Security investigations as required. Serve as primary Information Security Investigator. Assist local Head of Security and other management in performing internal investigations pertaining to discrepancies and other breaches of security, including identifying root causes, necessary remediation, and any other opportunities for improvement.
• Maintain and administer the Physical Access Control System, CCTV and DVR / NVR systems ensuring that the systems are functional and patched. Update / create documented procedures for the infrastructure as required to support compliance requirements and end-users.
• Actively contribute to the preparation and delivery of Security Awareness and Privacy Training and other Security-related communication and awareness programs.
• The Cybersecurity Analyst will perform Risk Assessments as required for existing lines of business, new products, and services and when required for special projects. The Cybersecurity Analyst serves as a local Information Security Subject Matter Expert (SME) and consultant to the business.

SECONDARY RESPONSIBILITIES

• Act as a backup to the Security Auditor position in performing tasks such as:
• Respond to emergency situations and alarms.
• Employee and vendor security screening
• New hire processing
• CCTV Reviews
• Secure destruction escorting
• Access card replacements