Information Security Analyst - Toronto, Ontario
Tilray is a federally licensed producer of medical cannabis. We are committed to setting the gold standard of care and excellence in our industry. We believe that commitment starts with a great work environment and benefits for our associates.
Looking to develop your career at the forefront of a rapidly expanding industry?
Reporting to the Manager, IT Operations, the incumbent is responsible for research, evaluation, assessment, operational, reporting, and analytical support for technology controls and information security programs and initiatives. The incumbent will be a subject matter expert in the technical areas of information security and will support the Manager, IT Operations in stakeholder management by maintaining strong relationships with IT Infrastructure and Operational Business Units. This is a hands-on role that directly contributes to the day-to-day cyber-security operational support of all global sites by monitoring and proactively responding to any cyber threat that has materialized or might materialize against any company asset, to prevent or minimize potential business, financial, or reputation impact.
Role and Responsibilities
- Identify and recommend appropriate risk treatment and response options to manage risk to an acceptable level based on risk appetite to meet organizational goals and objectives
- Plan, establish, and manage the capability to detect, investigate, respond, and recover from information security incidents to minimize business impact
- Develop business cases to support investments in information security
- Establish, monitor, evaluate, and report key information security metrics to provide management with accurate and meaningful information regarding the effectiveness of the information security strategy
- Identify legal, regulatory, organizational, and other applicable requirements to manage the risk of noncompliance to acceptable levels
- Participate in regular internal and external audits to ensure that applicable physical and logical controls are being complied with, and develop responses for identified exceptions
- Ensure that risk assessments, vulnerability assessments, and threat analyses are conducted consistently to identify and assess risk to the organization’s information
- Determine whether information security controls are appropriate and effectively manage risk to an acceptable level
- Develop, maintain, and enforce a role-based access control program by collaborating with various department stakeholders and applications owners while making sure all changes are properly documented and approved to satisfy audit requirements
- Conduct all on-boarding and off-boarding in accordance with RBAC policies and procedures
- Monitor the information security queue and action items accordingly in a timely manner
- Represent the information security team at CAB meetings, making sure the risk associated with every change is identified, assessed, and documented for further action
- Develop and maintain expertise through professional development opportunities and personal studies off-hours
- Mandatory availability as an on-call resource evenings, weekends, and statutory holidays
Qualifications and Education Requirements
- University degree in Computer Science, Information Systems, Information Technology, or an acceptable combination of education and experience
- At least 3 years of direct work experience as an information security analyst
- Preferred certifications: CISSP and CCSP
- Extensive knowledge of multiple cyber-security domains such as governance, risk assessment, threat intelligence, user education, security operation, and security architecture
- Extensive knowledge of cyber-security standards such as ISO, NIST, PIPEDA, and GDPR
- Extensive knowledge of enterprise asset management, endpoint protection platforms, secure web gateways, secure email gateways, vulnerability assessment tools, identity and access management solutions, and intrusion detection and prevention systems
- Advanced knowledge of private and public cloud infrastructure tools and protocols
- Advanced knowledge of physical security tools such as Genetec Security Center
- Hands-on experience implementing security awareness and training through various mediums such as on-boarding presentations, online training modules, lunch and learns, periodic security communication, and simulated phishing campaigns
- Hands-on experience with Role Based Access Control and User Access Administration
- Proven strong ability to write concise, detailed technical documentation for internal IT use and end-user training purposes, including detailed network diagrams, system processes, and maintaining accurate records of system configurations and inventory
- Able to interpret the operational requirements of end users, project managers, and other stakeholders, and develop detailed task lists from start-to-finish
- Effective time management, task prioritization, and ability to consistently meet deadlines
- Able to work independently or as part of a team. A proven self-starter and highly motivated to make proactive changes
- Possess excellent written and verbal communication skills and a highly analytical aptitude
Tilray welcomes applications from all qualified individuals and is committed to employment equity and diversity in the workplace.
Accommodations are available for applicants with disabilities throughout the recruitment process. If you require accommodations for interviews or other meetings, please advise when submitting your application.
Please note that Tilray does not authorize, engage, or sponsor any consultants, agencies or organizations that seek certain personal or financial information from you (e.g. passwords, login ids, credit card information). Tilray does not charge any application, processing or on-boarding fee at any stage of the recruitment or hiring process.
When replying to emails, please ensure the sender name and email address match exactly. Please also ensure the Reply-To address matches the sending address exactly.
If you are concerned about the authenticity of an email, letter, or call purportedly from, for, or on behalf of Tilray, please send an email inquiry to email@example.com