IT Security Analyst
FirstGroup plc
Surrey, Canada
7d ago

First Transit is a leading provider of transportation contract and management services, moving more than 350 million passengers annually.

First Transit employs more than 19,500 dedicated transit professionals through fixed-route, paratransit, college / airport shuttle services and rail operations at more than 300 locations in the US, Canada, Puerto Rico, Panama and India.

With a dedication to safety and outstanding customer service, First Transit sets itself apart from other providers in the industry.

First Transit is proud to offer :

  • Tremendous career advancement opportunities due to a strong presence across North America.
  • A comprehensive benefits package with paid holidays & vacation, medical, vision, and dental coverage, and 401(k) savings plan.
  • A great work environment.
  • JOB PURPOSE :

    The IT Security Analyst is primarily responsible for IT Security practices including Security Incident Response, Awareness and Reporting.

    Responsibilities include, but are not limited to, application and maintenance of best practices in the areas of IT security and risk.

    First Transit is a leading provider of transportation contract and management services, moving more than 350 million passengers annually.

    First Transit employs more than 19,500 dedicated transit professionals through fixed-route, paratransit, college / airport shuttle services and rail operations at more than 300 locations in the US, Canada, Puerto Rico, Panama and India.

    With a dedication to safety and outstanding customer service, First Transit sets itself apart from other providers in the industry.

    RESPONSIBILITIES

  • Service Desk Incident Tickets assigned to IT Security Operations queue - Oversee service desk incident tickets including planning and investigation around security breach activities.
  • Examples could be : SPAM email, Phishing, Virus, Network access request (reviewing business justification to view certain sites).

    Work with suppliers to ensure the proper attention and resolution is provided.

  • IT Security Awareness Program - Develop and implement a security awareness and ensure regular IT and business communications around best practices for IT Security.
  • This could develop into additional IT Training.

  • IT Business Continuity and IT Disaster Recovery support. Provides input and assistance in maintaining processes to support identified key business processes.
  • Highlight current state and recommended actions. Work within IT Disaster Recovery Governance documentation and IT Disaster Recovery Coordination Plan.

    Highlight areas where Business Continuity or risk appetite need to be addressed.

  • IT Risk Assessment Review and support IT Risk Assessment areas for exposure; provide status to of organization’s security risks, including cyber assessments
  • Manages risk reporting to risk governance committees
  • Incident Response Completes Security Incident Response processes to remediate security events as they arise. Recommends improvements to the environment to mitigate future security risks.
  • PC & Server Hardening - Ensures regular vulnerability scans are completed on respective systems. Ensures remediation reviews are completed and where possible, implemented via proper change control and documentation of such actions.
  • Monitors various Anti-Virus, Zero Day Threat and other applicable patches and tools are in place to help keep the workstations and systems safe.

  • Assist with IT Policy documentation and refinement
  • Assists with compliance with requirements imposed by governmental bodies, regulators, industry mandates or internal policies to provide guidance to develop repeatable processes and internal controls to provide sustainability at a lower cost to the company.
  • Knowledge of FOIPAA a plus

  • Supports ongoing process improvement to deliver increasing effectiveness & efficiency in Security and Risk functions.
  • Complies with Code of Business Conduct and Ethics.
  • Develops successful relationships with other business areas and key vendors. Builds / Maintains high performance collaborations through own actions & support provided to others
  • Performs all of the above independently and with limited supervision beyond initial direction
  • EXPERIENCE

  • 1 to 3 years relevant experience on process documentation preferred
  • General knowledge in security management and risk management
  • General knowledge of project management
  • Strong work ethic
  • Ability to practically support principles of IT security and IT audit
  • Speed and responsiveness in the facilitation of requests
  • Good presentation skills
  • Strong relationship-building skills
  • Strong communication and interaction skills; is comfortable working with individuals from different teams and suppliers
  • Demonstrated high level of integrity, ability to work with ambiguity, and strong sense of confidence to deliver on responsibilities
  • Excellent oral and written communication skills and presentation skills
  • Microsoft Office experience a must
  • Rapid 7 Nexpose and Metasploit (Scanning tools) experience a plus
  • SharePoint experience a plus
  • EXAMPLES OF COMMON DECISIONS MADE

  • Determines level of escalation required when security incidents are indentified.
  • Reviews security projects high-level requirements to determine level of involvement required.
  • Provides guidance in the creation and implementation of security process functions and risk controls.
  • Provides oversight and direction to address changes to company policies and processes to address current and proposed regulations and standards.
  • Directs the review of all data security policies periodically to assess the need for changes and guide implementation of improvements as necessary.
  • Works with Business Leadership to confirm critical processes to ensure the proper level of service exists for business continuity.
  • Works with IT and Business Leadership to corroborate the proper level of disaster recovery processes are in place to support critical business processes in the event of a disaster.
  • Engages with IT and Business Leaders to understand indentified risks and validate proper controls are in place to manage risk impact.
  • Engages with IT and Business Leaders to properly assess data security processes to provide guidance for data security improvements
  • EDUCATION

  • Bachelors in Business or Information Technology.
  • Industry certifications a plus (CISSP, CRISC, PMP, ITIL, CISA, CISM)
  • PHYSICAL WORKING CONDITIONS

  • Incumbent must be able to move about the office and between floors; utilize standard office equipment; access filing system / cabinets;
  • and communicate effectively and efficiently in person or by telephone

    First Canada is an equal opportunity employer that welcomes a diverse workforce. We encourage applications from women, persons with a disability, Aboriginal peoples and members of a visible minority

    Apply
    Add to favourites
    Remove from favorites
    Apply
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Continue
    Application form