Description
Information Security Analyst
Job Title: Information Security Analyst
Company: Direct IT Recruiting Inc.
Location: Toronto, Ontario
Status: 6 Month Contract
Job Category: Information Security
Career Level: Intermediate to Senior
Work Experience: 5+ years information security, SSCP Systems Security Certified Practitioner, AS400, AD Active Directory, DLP data loss prevention, user access provisioning
Industry: Financial
DESCRIPTION:
The Information Security Analyst is responsible for provisioning/de-provisioning access to applications/systems, and ensures regular user access review/attestation across the enterprise.
The Information Security Analyst administers access to the Data Loss Prevention (DLP) and URL filtering application, and provides ongoing DLP reporting.
The Information Security Analyst administers changes to anti-malware and database monitoring software.
RESPONSIBILITIES:
- Accountable for effectively provisioning and de-provisioning user access across multiple applications and systems including: Active Directory, AS400 and VPN(RSA).
- AS400 provisioning experience is a must.
- Assists in administering the DLP software (DLP policies, and URL filtering), anti-malware and database monitoring software
- Accountable for ensuring user access attestation for systems and applications administered by the Information Security Operations team, is performed across the enterprise
- Responsible for investigating and reporting on suspected security access violations
- Participates in the development and implementation of information security standards, procedures, and guidelines for user access provisioning, de-provisioning and attestation
- Develops, recommends and implements enhancements to the Information Security Operation provisioning, de-provisioning and attestation processes/practices
- Informs management of any exposures or potential exposures related to user access, and DLP, and makes appropriate recommendations for mitigating the exposure and business impact
- Responsible for assurance that access rights are provisioning and de-provisioning according to agreed upon standards
- troubleshooting decision making to resolve problems in the most appropriate manner
- Configuration and technical procedure changes
- Timely execution of issues
- Changes to processes under management direction
- Has the ability to independently operate a portfolio of technologies, activities within set guidelines, goals, objectives and boundaries set by the Information Security leadership or defined in Information Security processes, practices or policies. Errors could have significant impact including information losses, significant delays, reworks, or lost opportunities.
- Required to effectively communicate technical details to colleagues and customers
ACCOUNTABILITY:
- Builds strong relationships with stakeholders and demonstrates effective partnership throughout the Enterprise Operations Division
- Maintains good working knowledge and expertise related to user access provisioning and de-provisioning practices
- Plans work assignments and projects that may have an effect on others work and/or service areas
- Coordination with others within and outside own area
- Influences changes to schedules or timelines within the overall project timelines and priorities of a project
- Accountable for technical activities performed
- Accountable for proactive management of assigned systems
SKILLS:
- 5 + years of progressive technical information security experience in user access provisioning and de-provisioning software, applications and Microsoft Active Directory, on an enterprise-wide basis
- Practical experience in user access provisioning and de-provisioning on AS400 systems
- Computer Science degree or equivalent working experience
- Information Security Designations such as Systems Security Certified Practitioner (SSCP) designation
- Strong knowledge and expertise related to user access provisioning and de-provisioning
- Working knowledge of Microsoft Active Directory
- Proficient in critical thinking, problem solving, planning and organizing
- Strong interpersonal, negotiation and conflict management skills
- Strong organizational skills to co-ordinate and manage priorities and deadline.
- Strong communication skills, both verbal and written, are required to work with individuals throughout the Enterprise Operations Division at various levels
- Excellent working knowledge of Identity and Access Management software.