About ORION:

ORION is a not-for-profit organization dedicated to empowering Ontario researchers, educators and innovators. We foster a community of 1.7 million users at more than a hundred universities, colleges, hospitals and research institutions, school boards and regional innovation centres across the province. We enable ground-breaking discoveries and cutting-edge education by connecting institutions and regions through our network, facilitating collaboration, and providing our community with the digital tools and expert support they need to make the world a better place.

As pioneers of cybersecurity thought leadership in Canada’s research and education sector, ORION is committed to keeping our digital community safe by helping improve their cybersecurity posture. ORION is directly engaged in providing cybersecurity support and advice to approximately 40 universities and colleges in Ontario, and for some institutions in other provinces.

As a workplace, ORION has a culture of inclusion, mutual respect and teamwork. Equity and diversity are an integral part of our commitment to innovation, connectivity and community. We encourage applicants from women, persons with disabilities*, Indigenous peoples, racialized people and others who may contribute to the further evolution of our network.

Reporting Relationship:

  • This entry level position reports directly to the Director, ON-CHEC Security Program

Salary and Benefits:

  • Flexible work-from-home policy
  • Comprehensive benefits package
  • Career-training and development
  • Generous holidays/vacation
  • Many other perks

What we need:

The National Cybersecurity Assessment Program Analyst will support the universities and colleges participating in the National Cybersecurity Assessment program. The successful candidate will work in partnership with member groups to develop network security guidelines, assist in assessment of network security risk, and provide support and direction to constituents.

Key Activities:

  • Responsible for key deliverables of the National Cybersecurity Assessment Program, while providing required project management, communication, documentation, and knowledge management support
  • Provide our constituents (universities and colleges) with support for their cybersecurity program & roadmap
  • Support the National Cybersecurity Assessment program which may include:
    • Manage the collection of security self-assessment responses based on CIS controls and NIST CyberSecurity Framework (CSF)
    • Provide technical advice regarding campus network security tools, best practices, and incident recovery approaches
    • Write monthly security digests for constituents
    • Participate in and/or lead working group activities
    • Evaluate security postures, frameworks and roadmaps
    • Advise on information security programs
    • Advise on strategies and recovery plans in the event of an incident
    • Advise on the performance of penetration tests or “red teaming” on infrastructures, networks (internal/external), physical security, wireless technologies
    • Advise on IT internal audit mandates as a cybersecurity expert
    • Advise on methods and processes for security development in software solutions
  • Provide regular security analytics reports for management review with identified risks, identities, threats, and system vulnerabilities along with recommended remediation actions
  • Analyze and decipher information from multiple systems to identify cyber events and promptly alarm through reporting chain
  • Perform security monitoring and traffic/data analysis
  • Monitoring for Security Information and Event Management (SIEM), Intrusion Prevention/Detection systems (IPS/IDS) and Threat Intelligence systems
  • Collect and preserve the legally acceptable evidence of the malicious activity


  • Bachelors or Masters degree in Computer Science or Information Systems Security
  • Training or equivalent experience in cybersecurity and/or IS security, either as part of your degree program, or post-graduation.
  • Assets include:
    • CISSP, CEH, CRISC, CISM, C|CISO certification or equivalent
    • 1-3 years of experience in information security, ideally as part of a higher education institution or consulting firm

Knowledge and Skills:

  • Passion for cybersecurity and knowledge of attack methods, tools, tactics, and techniques
  • Experience in, or appreciation of, the unique challenges and risks faced by the higher education sector in Canada
  • Basic knowledge of NIST CSF and CIS controls framework
  • Basic level knowledge of commonly used operating systems and their hardened configuration
  • Operational knowledge of Identity and Access management using AD/Azure AD
  • Basic ITSM foundation knowledge regarding Incident Management, Service Request Management and Change Management
  • Foundational knowledge of ERP systems to advise on platform security
  • Foundational knowledge of cloud technologies and their inherent risks
  • Basic experience with Incident Response
  • Knowledge of behaviours of different types of threat actors
  • Excellent analytical capacity
  • Dynamic and self-directed
  • Curiosity and well-informed of current trends in cybersecurity
  • Excellent written and spoken communication qualities are essential

Please apply to jobs@orion.on.ca with subject line: National Cybersecurity Assessment Program Analyst

*Accommodations are available on request for candidates taking part in all aspects of the selection process.