Job Description
Title: Information Security Analyst, Contract Location: Mississauga, Ontario (Hybrid) Who We Are Just Energy is a consumer company focused on essential needs, including electricity and natural gas; health and well-being, such as water quality and filtration devices; and utility conservation, bringing energy efficient solutions and renewable energy options to consumers. Currently operating in the United States and Canada, Just Energy serves both residential and commercial customers. Just Energy is the parent company of Amigo Energy, Filter Group Inc., Hudson Energy, Interactive Energy Group, and Tara Energy.
As the Information Security Analyst, Contract reporting to the Manager, IT Cyber and Information Security, you will foster strong relationships with business partners, including IT, internal audit, SOC vendors, and other compliance and risk stakeholders within Just Energy. In your capacity, you will effectively position your team to understand, articulate, and influence the IT Risk and Compliance (ITRC) strategy, plans, results, issues, and outcomes. As a project leader, you will frequently communicate with executives to represent and discuss IT risks and compliance positions, including consultation with the Manager of IT Cyber and IS. You will also lead efforts to govern, communicate, and educate staff on the adherence to risk and compliance policies, standards, processes, and procedures.
You will work in a highly complex, fast-paced matrixed environment, with tight deliverables, timelines and communications with multiple internal and external stakeholders to IT. We expect you to act independently and demonstrate strong initiative, influence outcomes, minimize and address conflicts, and demonstrate an in-depth understanding of risk management activities and business risks and control environments. The role requires a sense of urgency, passion for results, and personal accountability for achievement. The successful candidate must possess expertise in process, technology, and business acumen, along with strategic and innovative thinking and an unwavering focus on security and our customers. Your strong leadership and relationship skills, resilience, and ability to effectively communicate will be vital in driving results the right way in our entrepreneurial environment.
Key Responsibilities - Identification of Information Security issues.
- Participate in the development of security architecture solutions.
- Monitor emerging security threats and evaluate and recommend mitigation strategies.
- Maintain necessary documentation to support security strategy by outlining the requirements and benefits of specific security tools and/or solutions.
- Document and communicate security incidents, vulnerabilities, and the current state of the system.
- Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies.
- Daily Scanning, Implementing, and maintaining information security tools and documentation.
- Provide support to internal teams with security concerns.
- Responsible for spam prevention and monthly vulnerability Scanning
- Working with third party companies to resolve spam complaints, and backlisting.
- Supporting the annual external audit
- Responsible for updating Blocklists and Allow lists for our various in-house rules.
- Monitor information security requirements, policies, and compliance.
- Document and communicate security incidents, vulnerabilities, and the current state of the system.
- Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies.
- Daily Scanning, Implementing, and maintaining information security tools and documentation.
- Provide support to internal teams with security concerns and with security incident response.
- Working with third party companies to resolve spam complaints and blacklistings.
- Supporting the annual external audit
- Perform other duties as assigned.
Qualifications - 2+ years of experience in Information Security, Cybersecurity, and advanced threat protection.
- 2+ years of experience with Data Discovery and Data Classification strategies.
- BA or BS degree in CS or IT preferred Computer Science or Engineering or related field.
- Experience in information security covering, Infrastructure, Web applications, software development, cloud, System, and Network Operating systems.
- Strong knowledge of IT infrastructure, networking, applications, databases, and both Windows and Linux operating systems.
- Experience with computer network penetration testing and techniques.
- Ability to identify and mitigate network, web application, and software development vulnerabilities and explain how to avoid them.
- Understanding of patch management with the ability to deploy patches promptly while understanding business impact.
- Working knowledge of the following IT Compliance, Standards, and Frameworks:
- National Institute of Standards and Technology (NIST) Security Standard
- Cybersecurity and Information Security
- Payment Card Industry Data Security Standard (PCI-DSS) requirement.
- Open Web Application Security Project (OWSAP) Top Ten Vulnerabilities
- Common Vulnerabilities and Exposures/Weaknesses
- ISACA -COBIT for Information Security
- Microsoft Windows Server/Workstation administration and security
- Application and Network Penetration Testing with one or more of these products (Rapid7, Veracode, Qualys, etc.)
- Administration/Security of Cisco Routers/Switches and other WAN/LAN/WLAN/VPN/Firewall Technologies
- Defender, DLP FIM, SIEM and endpoint security management
- Working experience with the following tools – IDPS, MITRE, SIEM, SOAP, WS Security, PowerShell, and Python scripting
Professional Certificates And Registration Required CISSP/GIAC/CCSP certification will be nice to have or work toward any of them.
Working knowledge of the following domains will be a plus. - ISO IEC 27001 L.A (ISMS)
- Certified Ethical Hacker (CEH)
- Qualys Certified Specialist (QCS)
- Cisco Certified Network Professional (CCNP)/ Cisco Certified Network Associate (CCNA)
- Microsoft Certified IT Professional (MCITP)
- Microsoft Certified Systems Administrator (MCSA)
- Microsoft Certified Technology Specialist (MCTS)
Understanding Knowledge of the following standards and frameworks will be an advantage. - Knowledge of Microsoft O/S, Identity Management and AD, Azure AD, ADFS
- Good understanding of Network equipment, O/S, and configuration. Cisco IOS, NX-OS, Palo Alto Firewalls, Meraki
- Working knowledge of IT standards – ISO27001 and ITIL, Framework -, NIST, OWSAP
- Knowledge of routing protocols (OSPF, BGP, IGRP/EIGRP) and MPLS.
- Fundamental knowledge of IP-based applications and experience with security threats and security tools to mitigate the impacts of those threats preferred.
Just Energy and its subsidiaries are an equal opportunity employer. We are committed to building a workforce that reflects the communities we serve and to promote a diverse, anti-racist, inclusive, accessible, merit-based, respectful and equitable workplace. We invite all interested individuals to apply. Primary Location CA-ON-Mississauga
Job Information Technology
Organization Canada
Schedule Temporary
Shift Temporary Work
Employee Status Non-Management
Job Type Full-time
Job Level Day Job
Travel No
Job Tags
Full time, Contract work, Temporary work, Shift work,