IT Security Analyst

CANDIDATES MUST BE ABLE TO WORK CST HOURS 

The IT Security Analyst is responsible for ensuring that technical controls align with information security policies and regulatory requirements. This role supports security education, training, and awareness initiatives; monitors compliance with information security policies and applicable laws; and coordinates the investigation, response, and reporting of security incidents.

Working closely with Core IT Services (ITS), the IT Security Analyst monitors, assesses, and enhances security procedures and controls. The role includes conducting periodic vulnerability assessments of systems, networks, and applications, evaluating risks, and recommending corrective actions based on risk assessments, audit findings, and security reviews. The analyst also plays a key role in responding to cybersecurity incidents, working to contain, remediate, and mitigate threats while minimizing business impact.

Key Responsibilities

• Monitor and respond to information security issues across systems and business workflows to ensure security controls are effective and operating as intended.
• Administer, manage, and maintain security technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), content filtering solutions, endpoint protection platforms, and other security controls.
• Utilize and manage security tools such as SIEM platforms, vulnerability scanners, forensic tools, and threat monitoring solutions to identify, assess, and respond to security risks and incidents.
• Enforce security policies and procedures by administering security profiles, reviewing security violation reports, investigating exceptions, and maintaining documentation of security controls.
• Coordinate and support incident response activities, including investigation, containment, remediation, recovery, and reporting.
• Partner with IT, Legal, Compliance, and other stakeholders to identify and manage security vulnerabilities and risk exposures.
• Assist in the development, implementation, and maintenance of security policies, standards, and procedures, including authentication controls, security monitoring, incident escalation, auditing, encryption, and firewall management.
• Develop, deliver, and maintain security awareness and training programs to promote a strong security culture.
• Conduct ongoing security research to stay informed of emerging threats, vulnerabilities, technologies, and industry best practices.
• Participate in the evaluation and implementation of security products, technologies, and processes to improve organizational security, efficiency, and effectiveness.
• Support internal and external audits, risk assessments, and compliance initiatives as required.