22 Jan
Just Energy
Mississauga
Job Title: Information Security Analyst
Location: Mississauga, ON (Hybrid)
Reports To: Manager IT Cyber and Information Security
Just Energy and its subsidiaries are an equal opportunity employer. We are committed to building a workforce that reflects the communities we serve and to promote a diverse, inclusive, accessible, merit-based, respectful, and equitable workplace. We invite all interested individuals to apply.
Who is Just Energy?
Just Energy is a retail energy and consumer company focused on essential needs, including electricity and natural gas, health, and well-being, such as water quality and filtration devices; and utility conservation, bringing energy efficient solutions and renewable energy options to consumers.
Currently, operating in the United States and Canada, Just Energy serves residential and commercial customers. Just Energy is the parent company of Amigo Energy, Filter Group Inc., Hudson Energy, Interactive Energy Group, and Tara Energy. Learn more at: www.justenergy.com.
Job Summary
As the Information Security Analyst, reporting to the Manager, IT Cyber and Information Security, you will foster strong relationships with business partners, including IT, internal audit, SOC vendors, and other compliance and risk stakeholders within Just Energy. In your capacity, you will effectively position your team to understand, articulate, and influence the IT Risk and Compliance (ITRC) strategy, plans, results, issues, and outcomes. As a project leader, you will frequently communicate with executives to represent and discuss IT risks and compliance positions, including consultation with the Manager of IT Cyber and IS. You will also lead efforts to govern, communicate, and educate staff on the adherence to risk and compliance policies, standards, processes, and procedures.
You will lead in a highly complex, fast-paced matrixed environment, with tight deliverable timeframes and multiple internal and external stakeholders to IT. We expect you to act independently and demonstrate strong initiative, influence outcomes, minimize and address conflicts, and demonstrate an in-depth understanding of risk management activities and business risks and control environments.
The role requires a sense of urgency, passion for results, and personal accountability for achievement. The successful candidate must possess expertise in process, technology, and business acumen, along with strategic and innovative thinking and an unwavering focus on security and our customers. Your strong leadership and relationship skills, resilience,
and ability to effectively communicate will be vital in driving results the right way in our entrepreneurial environment.
Key Responsibilities
- Identification of Information Security issues.
- Participate in the development of security architecture solutions.
- Monitor emerging security threats, along with evaluate and recommend mitigation strategies.
- Maintain necessary documentation to support security strategy by outlining the requirements and benefits of specific security tools and/or solutions.
- Document and communicate security incidents, vulnerabilities, and the current state of the system.
- Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
- Daily Scanning, Implementing, and maintaining information security tools and documentation
- Provide support to internal teams with security concerns
- Responsible for spam prevention and monthly vulnerability Scanning
- Responsible for updating Blocklists and Allow lists for our various in-house rules.
- Working with 3rd party companies to resolve spam complaints, and backlisting.
- Supporting the annual external audit
- Perform other duties as assigned
- Monitor information security requirements, policies, and compliance
- Document and communicate security incidents, vulnerabilities, and the current state of the system.
- Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
- Daily Scanning, Implementing, and maintaining information security tools and documentation
- Provide support to internal teams with security concerns and with security incident response
- Responsible for Spam Prevention and monthly vulnerability Scanning
- Responsible for updating block lists and allowing lists for our various in-house rules.
- Working with 3rd party companies to resolve spam complaints and blacklistings.
- Supporting the annual external audit
- Perform other duties as assigned
Qualifications
- 2+ years of experience in Information Security, Cybersecurity, and advanced threat protection
- 2+ years of experience with Data Discovery and Data Classification strategies
- BA or BS degree in CS or IT preferred Computer Science or Engineering or related field.
- Experience in information security covering, Infrastructure, Web applications, software development, cloud, System, and Network Operating systems.
- Experience with computer network penetration testing and techniques.
- Ability to identify and mitigate network, web application, and software development vulnerabilities and explain how to avoid them.
- Understanding of patch management with the ability to deploy patches promptly while understanding business impact.
- Working knowledge of the following IT Compliance, Standards, and Frameworks:
o National Institute of Standards and Technology (NIST) Security Standard
o Cybersecurity and Information Security
o Payment Card Industry Data Security Standard (PCI-DSS) requirement.
o Open Web Application Security Project (OWSAP) Top Ten Vulnerabilities
o Common Vulnerabilities and Exposures/Weaknesses
o ISACA -COBIT for Information Security
o Microsoft Windows Server/Workstation administration and security
o Application and Network Penetration Testing with one or more of these products (Rapid7, Veracode, Qualys Guard, Burp Suite, etc.)
o Administration/Security of Cisco Routers/Switches and other WAN/LAN/WLAN/VPN/Firewall Technologies
o Mcafee ePO,
Solidcore, DLP (Devicelock), FIM (Cimtrak), DAM (Imperva), SIEM (Arcsight), and endpoint security management
o Working experience with the following tools – IDPS, MITRE, SIEM, SOAP, WS Security, PowerShell & Bash, and Python scripting
Professional Certificates and Registration Required
CISSP/GIAC/CCSP certification will be nice to have or work toward any of them.
Working knowledge of the following domains will be a plus
- ISO IEC 27001 L.A (ISMS)
- Certified Ethical Hacker (CEH)
- Qualys Certified Specialist (QCS)
- Cisco Certified Network Professional (CCNP)/ Cisco Certified Network Associate (CCNA)
- Microsoft Certified IT Professional (MCITP)
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Technology Specialist (MCTS)
Understanding Knowledge of the following standards and frameworks will be an advantage.
- Knowledge of Microsoft O/S, Identity Management and AD, Azure AD, ADFS
- Good understanding of Network equipment, O/S, and configuration. Cisco IOS, NX-OS, PaloAlto Firewalls, Meraki
- Working knowledge of IT standards – ISO27001 and ITIL, Framework -, NIST, OWSAP
- Knowledge of routing protocols (OSPF, BGP, IGRP/EIGRP) and MPLS.
- Fundamental knowledge of IP-based applications, experience with security threats and security tools to mitigate the impacts of those threats preferred.
Benefits:
Just Energy offers a robust benefits plan for staff members, as well as Employee Assistance Programs that offer a wealth of tools and resources to enrich the employee experience. The company also provides several cost-free, self-development courses for those that wish to build on their skills and competencies. In addition, a variety of awards offer another opportunity to recognize and reward employees.
We offer:
- Competitive compensation and incentives
- Paid Holidays/Vacation
- Company paid L&AD; for employees plus Short-term disability.
- Personal and Career development resources with “growth” opportunity
- Hybrid -Remote Work Model depending on role
- Health and wellbeing tools and resources and more
#LI-AP1
#JESP
Impress this employer describing Your skills and abilities, fill out the form below and leave Your personal touch in the presentation letter.