JOB SUMMARY

As the Information Security Analyst, reporting to the Manager, IT Cyber and Information Security, you will foster strong relationships with business partners, including IT, internal audit, SOC vendors, and other compliance and risk stakeholders within Just Energy. In your capacity, you will effectively position your team to understand, articulate, and influence the IT Risk and Compliance (ITRC) strategy, plans, results, issues, and outcomes. As a project leader, you will frequently communicate with executives to represent and discuss IT risks and compliance positions, including consultation with the Manager of IT Cyber and IS. You will also lead efforts to govern, communicate, and educate staff on the adherence to risk and compliance policies, standards, processes, and procedures.
You will lead in a highly complex, fast-paced matrixed environment, with tight deliverable timeframes and multiple internal and external stakeholders to IT. We expect you to act independently and demonstrate strong initiative, influence outcomes, minimize and address conflicts, and demonstrate an in-depth understanding of risk management activities and business risks and control environments.
The role requires a sense of urgency, passion for results, and personal accountability for achievement. The successful candidate must possess expertise in process, technology, and business acumen, along with strategic and innovative thinking and an unwavering focus on security and our customers. Your strong leadership and relationship skills, resilience, and ability to effectively communicate will be vital in driving results the right way in our entrepreneurial environment.

QUALIFICATIONS

• 2+ years of experience in Information Security, Cybersecurity, and advanced threat protection
• 2+ years of experience with Data Discovery and Data Classification strategies
• BA or BS degree in CS or IT preferred Computer Science or Engineering or related field.
• Experience in information security covering, Infrastructure, Web applications, software development, cloud, System, and Network Operating systems.
• Experience with computer network penetration testing and techniques.
• Ability to identify and mitigate network, web application, and software development vulnerabilities and explain how to avoid them.
• Understanding of patch management with the ability to deploy patches promptly while understanding business impact.
• Working knowledge of the following IT Compliance, Standards, and Frameworks:
  o National Institute of Standards and Technology (NIST) Security Standard
  o Cybersecurity and Information Security
  o Payment Card Industry Data Security Standard (PCI-DSS) requirement.
  o Open Web Application Security Project (OWSAP) Top Ten Vulnerabilities
  o Common Vulnerabilities and Exposures/Weaknesses
  o ISACA -COBIT for Information Security
  o Microsoft Windows Server/Workstation administration and security
  o Application and Network Penetration Testing with one or more of these products (Rapid7, Veracode, Qualys Guard, Burp Suite, etc.)
  o Administration/Security of Cisco Routers/Switches and other WAN/LAN/WLAN/VPN/Firewall Technologies
  o Mcafee ePO, Solidcore, DLP (Devicelock), FIM (Cimtrak), DAM (Imperva), SIEM (Arcsight), and endpoint security management
  o Working experience with the following tools – IDPS, MITRE, SIEM, SOAP, WS Security, PowerShell & Bash, and Python scripting

UNDERSTANDING KNOWLEDGE OF THE FOLLOWING STANDARDS AND FRAMEWORKS WILL BE AN ADVANTAGE.

• Knowledge of Microsoft O/S, Identity Management and AD, Azure AD, ADFS
• Good understanding of Network equipment, O/S, and configuration. Cisco IOS, NX-OS, PaloAlto Firewalls, Meraki
• Working knowledge of IT standards – ISO27001 and ITIL, Framework -, NIST, OWSAP
• Knowledge of routing protocols (OSPF, BGP, IGRP/EIGRP) and MPLS.
• Fundamental knowledge of IP-based applications, experience with security threats and security tools to mitigate the impacts of those threats preferred.

• Identification of Information Security issues.
• Participate in the development of security architecture solutions.
• Monitor emerging security threats, along with evaluate and recommend mitigation strategies.
• Maintain necessary documentation to support security strategy by outlining the requirements and benefits of specific security tools and/or solutions.
• Document and communicate security incidents, vulnerabilities, and the current state of the system.
• Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
• Daily Scanning, Implementing, and maintaining information security tools and documentation
• Provide support to internal teams with security concerns
• Responsible for spam prevention and monthly vulnerability Scanning
• Responsible for updating Blocklists and Allow lists for our various in-house rules.
• Working with 3rd party companies to resolve spam complaints, and backlisting.
• Supporting the annual external audit
• Perform other duties as assigned
• Monitor information security requirements, policies, and compliance
• Document and communicate security incidents, vulnerabilities, and the current state of the system.
• Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
• Daily Scanning, Implementing, and maintaining information security tools and documentation
• Provide support to internal teams with security concerns and with security incident response
• Responsible for Spam Prevention and monthly vulnerability Scanning
• Responsible for updating block lists and allowing lists for our various in-house rules.
• Working with 3rd party companies to resolve spam complaints and blacklistings.
• Supporting the annual external audit
• Perform other duties as assigned