Position Scope

The Information Security Analyst is responsible for the development, implementation, delivery, and support of the corporate cybersecurity strategy. The role provides direct technical expertise and support to management, IT teams, and special projects.

Job Responsibilities

• Lead security initiatives and conduct security audits to support ISO/IEC 27001 or SOC 2 certification.
• Coordinate risk assessments for new projects, applications, and third-party vendors using industry frameworks such as ISO 27001 and NIST CSF.
• Recommend, plan, and implement new security technologies, practices, and improvements.
• Work closely with business and technical leaders, including project teams, to determine appropriate courses of action within professional standards, departmental procedures, policy guidelines, and legislative requirements.
• Respond to security incidents, perform research, and investigate information systems security violations and abuses.
• Provide Tier 2 user support to enhance operational efficiency.
• Develop and deliver enterprise security awareness and training programs.

Education & Experience:

• Diploma in Computer Science with emphasis on computing and networking infrastructures.
• Minimum 5 years of practical experience in information systems, including at least 2 years in information security administration in a complex information systems environment.

Other Requirements / Skills:

• Advanced knowledge of current and emerging technology trends, developments, best security industry practices, current risks, and emerging threats.
• Advanced knowledge of information security guidelines, concepts, and technical security controls.
• Advanced business process and technology analysis skills.
• Advanced knowledge of EDR/XDR, vulnerability management practices, and tools.
• Knowledge of information security incident management and incident response.
• Experience with core security technologies such as SIEM, firewalls, network and host intrusion prevention/detection systems, proxies, vulnerability scanners, and antivirus solutions.
• Advanced experience with Microsoft 365 tools and features; experience with other cloud vendors, including design, architecture, and security management.
• Experience and understanding of AD, DNS, RADIUS, PKI, and virtualization.
• Experience with TCP/IP, routing, VLAN, and VPN.
• Strong analytical skills with high attention to detail.
• Strong written and verbal communication skills, with a track record of delivering exceptional IT service.
• One or more industry certifications preferred: Security+, CEH, CISA, SANS, CISM, CISSP.