Payband: 10
Range of Pay: $73,401 - $91,752
Posting Date: July 12th, 2018
Closing Date: July 25th, 2018 at 7:00pm EST
JOB SUMMARY:
The IT Security Analyst supports Mohawk College’s Cyber Security Framework and will collaborate with leaders across the college as well as the broader Mohawk College community to ensure that technology is procured, designed, built, operated, maintained and monitored with consistent practices that respect the confidentiality, integrity and availability of our systems and data.
The incumbent will work to constantly review the current threat landscape by receiving news feeds including the Canadian Cyber Incident Response Centre’s distribution list and monitor other IT Security channels as applicable.
The incumbent will understand these threats and their relationship to College infrastructure by building out a vulnerability management program which will strategically feed the College’s Patch Advisory Group and Operations teams with actionable and prioritized intelligence with instruction on remediating exposure.
To be compliant with the Acceptance of Payment Card Policy and PCI Requirements, this position is required to provide a Police Check prior to the commencement of employment.
The duties of this position will include, but are not limited to, the following:
Strategy, Governance and Oversight
With a detailed understanding of all layers of technology and a fundamental understanding of the defense in depth model along with the cyber security kill chain, the incumbent will advise on, contribute to, and update Mohawk College’s Cyber Security Strategy and roadmap.
Design, facilitate and continuously improve technology risk assessment methodologies including Threat and Risk Assessments, Cloud Risk Assessments and Project Risk Assessments which help express the likelihood and impact of IT Security incidents and contribute to Mohawk College’s Enterprise Risk Management Framework.
Provide assessment and recommendations related to threat and risk mitigation of IT projects to ensure that new systems have adequate protection and are optimally configured to provide the appropriate security visibility.
Develop, advise, and update IT Security Policies, Standards, Procedures and Guidelines as required to reduce risks as identified.
Proactively and collaboratively, work and instruct each IT Operational Area within the IT Department to maintain IT Security best practices and ensure compliance with Mohawk College’s IT Security Standards.
Assist departments across the College with understanding the sensitivity of data based on the data classification standard.
Proactively maintain currency with evolving industry trends in cyber security and understand and communicate how that may impact the IT Strategy and IT Security Strategy.
Develop and maintain IT Security metrics to express security coverage and visibility, policy compliance, security event and incident trends, vulnerability exposure, patch latency and e-mail security trends. Continually work to map these metrics to business problems or outcomes.
Audit and Compliance
Conduct gap analyses of current policies, standards, procedures and guidelines to determine next steps in delivering additional controls based on risk.
Conduct technical assessments, gap analyses and audits of existing technology infrastructure to validate or identify missing controls.
Provide input into compliance management by monitoring whether key policy, regulatory or legal requirements are being met.
Create, deliver, and monitor a framework for accountability in remediation activities and track timelines for delivery of controls linking to the College Enterprise Risk Management Program.
Work collaboratively within a team environment to guide Payment Card Industry Data Security Standards (PCI DSS) compliance activities.
Vulnerability and Threat Management with Penetration Testing
Design, build, maintain, and monitor the College wide vulnerability management program.
Track, update, and on-board assets into the vulnerability management program.
Ensure that assets are classified for the correct context with data classification and data volumes identifying the most critical assets within the infrastructure.
Ensure that vulnerabilities are mitigated in a prioritized approach using threat intelligence.
Make complex decisions on how to mitigate specific vulnerabilities that cannot be patched.
Conduct tests and attempt penetration to ensure that vulnerabilities have been appropriately mitigated and come up with alternative attack methodologies to retest the mitigations.
Build reports, dashboards, and track trends related to patching and configuration management activities.
Ensure consistent authentication of scanning infrastructure to improve scan accuracy.
Develop scripts in PowerShell that integrate with the API of the vulnerability management platform.
Monitor threat feeds to understand current industry threats against existing College infrastructure and understand how these threats affect delivery of future projects.
Security Event Management and Monitoring
Monitor and triage endpoint and network security platforms and conduct investigations based on the risk of reviewed events.
Build use cases and alerting within endpoint, data centre, and network security platforms to quickly alert on events that require investigation and those which directly invoke incident response.
The incumbent will need to deeply analyse risk and consider all factors in the creation of dashboards and alarms.
Build, monitor, maintain and develop a centralized log management or SIEM infrastructure to monitor all systems and users at all campuses, with the flexibility to ingest data from cloud applications and APIs.
Ensure that log management or SIEM infrastructure have assets classified for appropriate context to express the appropriate level of risk and exposure and to prioritize alarms and notifications.
Conduct technical maintenance tasks on log management or SIEM infrastructure and ensure hardware and software are updated at regular intervals.
Use feedback from incident response and threat hunting activities to further develop use cases, tuning, and data points required to arrive at defensible and clear conclusions.
Understand machine-generated event messages in detail and make sound judgement on whether events contribute to identifying the who / what / where and when, or whether they should be discarded from log management storage.
Invoke, lead, and instruct incident response activities derived from security monitoring operations event data and user reported incidents and information.
During security events, incidents and forensic investigations:
o provide significant risk-based judgment for just-in-time decisions to manage and mitigate further damage, preserve evidence, enable systems to resume operations, mitigate damaging reputational risks and brief all levels of Senior Management as required.
o exercise judgement to identify when additional resources are required, such as technical expertise, technologies, or leveraging external incident response providers.
Build and maintain incident response playbooks to model the activities that must take place when responding to IT security incidents.
Develop and acquire tooling for forensic capabilities to leverage during incident response activities.
Work with departments and provide instruction and feedback as to what caused the events and how to avoid the events in the future.
Identity Management Governance
Research, advise, and work collaboratively to build out the College’s identity and access management tooling with collaboration between Human Resources and IT departments.
Ensure that identity is consistently monitored throughout IT security architecture.
Assume that adversaries have compromised the College network and develop threat hunting hypotheses to test for the presence of intruders in the College network.
Leverage open source tooling and deception technologies to bait and lure adversaries into exposing themselves on the network.
Use sound judgement to place deceptive technologies on the network in locations that create early alarms and indicators of compromise to identify and eradicate intruders.
Cyber Security Education and Awareness
Support the planning, preparation and delivery of all IT Security related education, awareness and training.
Track, monitor, and report compliance of IT Security Education and Awareness programs and provide reminders, suggestions, and recommendations to improve participation levels.
Proactively identify areas of need for IT Security Education and Awareness.
Design, prepare and deliver IT Security Education and Awareness sessions, presentations, videos, or other activities.
Identify newly emerging threats that relate to end user computer environments and develop and deliver training material to mitigate risks.
The successful applicant must have:
A three-year Diploma / Degree in Computer Sciences, Sciences, Mathematics or equivalent experience in IT Security.
Certification in IT Security such as a CISSP, CISM, CCSP, SSCP, CEH or other is an asset.
Ability to absorb large amounts of information, analyze and synthesize key ideas and recommendations, and present effectively across a spectrum of business and technical audiences.
Exceptional interpersonal skills, political acuity and business acumen.
Experience with IT technology across endpoint, data centre, server systems, cloud, and network technologies is mandatory.
Knowledge and experience with technology and the Cyber risk environment in higher education.
A minimum of five years of experience in similar roles where the individual interacted with security functionality and event data across an organization.
Proven collaborative and inclusive operating style.
Experience and proven ability to work in a fast-paced, dynamic environment with highly restricted information.