Information Systems Security Analyst

at  National Research Council Canada

PRIORITY MAY BE GIVEN TO THE FOLLOWING DESIGNATED EMPLOYMENT EQUITY GROUPS: WOMEN, INDIGENOUS PEOPLES* (FIRST NATIONS, INUIT AND MÉTIS), PERSONS WITH DISABILITIES AND RACIALIZED PERSONS*.

• The Employment Equity Act, which is under review, uses the terminology Aboriginal peoples and visible minorities.
  Candidates are asked to self-declare when applying to this hiring process.
  City: Ottawa
  Organizational Unit: Security Branch
  Classification: CS-3
  Tenure: Continuing
  Language Requirements: English
  Work Arrangements: Due to the nature of the work and operational requirements, this position is eligible for a hybrid work arrangement (combination of working onsite and telework). Employees in this position who telework will be required to travel to the identified work site at least three times per week at their own expense.
  We recognize that Indigenous candidates may have important connections to their communities. If you are an Indigenous candidate, you may be eligible for an exception to this work arrangement. To learn more, please contact the hiring team, using the contact information below.
  Note: Assignments and secondments may be considered according to NRC’s policies.

EDUCATION

Post-secondary education and completion of a 2 or 3 year certificate/diploma program in computer systems applications, information systems and associated information protection and security applications; or equivalent, plus CISSP.
For information on certificates and diplomas issued abroad, please see Degree equivalency

EXPERIENCE

• Experience in collating incident and other security data to produce Briefing Notes and Forensic Reports.
• Experience in project management and project leadership.
• Experience investigating and analyzing serious security incidents.
• Experience in providing advice and assistance to individuals at many levels of technical knowledge and administrative responsibility.
• Experience evaluating and advising on security impacts.
• Experience reviewing and conducting vulnerability assessments on accounts, systems and interface devices.
• Experience in presenting to various large audiences, with different levels of knowledge (both technical and non-technical).

LANGUAGE REQUIREMENTS

English
Information on language requirements and self-assessment tests

We are looking for an Information Systems Security Analyst to support our Security Branch. The Information Systems Security Analyst would be someone who shares our core values of Integrity, Excellence, Respect and Creativity.
The Information Systems Security Analyst is responsible for providing information protection and IT security services in support of NRC’s strategic objectives.
Provision of IT security operations such as, but no limited to, evaluating and advising on the security impact of any changes to NRC’s IT and network infrastructure, responding to and, where appropriate, resolving or escalating reported security incidents, acting as a “clearinghouse” for threat and vulnerability information within NRC, by monitoring sources of threat and vulnerability data and sharing that data with IT staff across NRC.
The Information Systems Security Analyst acts as the IT security subject matter expert on IT projects in collaboration with corporate IT/IM service providers to ensure that security issues are addressed throughout the project lifecycle.
Performs and provides technical support to the Risk Management team by correcting system deficiencies and maintaining a good understanding of the overall security posture of the organization.
Provide Technical Information Systems support to Shared Services Canada functions such as email, directory services, desktop mitigation tools/services, antivirus applications, and vulnerability analysis.
The Information Systems Security Analyst will support Security Branch’s administration investigation function including seizure and storage of evidence and digital forensics.
The work requires continuous study of network and IT security processes, systems and software, to remain aware of new features and requirements. It also requires regular and ongoing study of trends and developments in the IT field in general, and the IT security field in particular.