Senior IT Security Analyst - Risk / Compliance

at  Sleep Country

Company Description
At Sleep Country Canada/Dormez-vous? (SCC/DV), we are inspired every day through our purpose to transform lives by awakening Canadians to the power of sleep and our vision to champion sleep as the key to healthier and happier lives, helping everyone achieve better tomorrows through better tonight’s.
Guided by our values – We CARE About People; We WIN Together; We DREAM Big and We DELIVER with Excellence – we are building on our 30-year foundation of taking care of each other and our customers’ sleep needs, with passion and commitment to be the best that we can be. We invest in our sleep ecosystem, innovative products, world-class customer experience, our communities and diverse best-in-class team to be Canada’s leading sleep partner.
Job Description
The Senior Technical Security Analyst ensures that all in-scope day to day, and project activities are properly defined; effectively managed; deliver the expected results; and meet SCC standards and policies, and that documentation, deployment, and testing is performed according to professional industry standards.

QUALIFICATIONS

• 8+ years of work experience in Information Security or equivalent combination of transferrable experience and education through university or college degree in an IT related field.
• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
• Thorough knowledge and hands-on experience on Information security principles and framework (PCI, ISO, NIST, ZTNA, etc..).
• Thorough knowledge and hands-on experience in assessing and mitigating security controls and risk for on-prem infrastructure, Google Cloud and Azure.
• Thorough knowledge and hands-on experience in security incident investigation and resolution.
• Thorough knowledge and adequate experience on Microsoft security tools and processes.
• Adequate knowledge on technologies like: firewalls (Palo Alto), DNS, Cloudflare, Switches, Citrix, etc.
• Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
• Ability to manage tasks independently and take ownership of responsibilities
• Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
• Ability to adapt to a rapidly changing environment
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Thorough knowledge of patching and deployment technologies for windows platforms
• Strong technical knowledge of current systems, software, protocols and standards. Including TCP/IP and network administration/protocols
• Experience developing, documenting and maintaining procedures.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Any one or more security certifications (CISSP, CISA, CEH, GIAC, SANS).
  Additional Information

• Lead the security compliance and design, implement and monitor controls to ensure adherence to PCI, ISO, NIST and other required company requirements.
• Lead and participate in assessment of technology risk, and to conduct security assessment and security audits.
• Assess information risk and facilitate remediation of identified vulnerabilities for IT security across the enterprise;
• Resolve security incidents in a timely and effective manner, ensuring minimal impact to the organization and learning from incidents to prevent future occurrences.
• Assist in design and execution of vulnerability assessments, penetration tests and threat assessments.
• Work with cross-functional teams to develop and implement incident response plans, including documenting procedures and conducting training exercises.
• Research, assess and provide gap analysis of the current processes leading to the completion of documenting current processes and identifying opportunities for process improvements.
• Evaluate internal and external environment for threats, changes, related to Information Security and perform the role as Information Security subject matter expert to ensure these are properly addressed and controlled.
• Ongoing management of the organization’s security awareness program; ensure that organizational processes adhere to regulatory compliance requirements.
• Conduct studies that evaluate, recommend, and implement security solutions to enhance core security capabilities in the areas of security infrastructure, access management, identity management, networking, databases, servers.
• Conduct research on emerging security threats and trends, and develop strategies to mitigate risks
• Provide reporting and data-driven insights on the organization’s security posture, including vulnerabilities, incidents, and remediation efforts to senior management.