ON-CHEC Security Analyst

About ORION:

ORION is a not-for-profit organization dedicated to empowering Ontario researchers, educators and innovators. We foster a community of 1.7 million users at more than a hundred universities, colleges, hospitals and research institutions, school boards and regional innovation centres across the province. We enable ground-breaking discoveries and cutting-edge education by connecting institutions and regions through our network, facilitating collaboration, and providing our community with the digital tools and expert support they need to make the world a better place.

As a core pillar of our mission serving Ontario’s higher education and research sector, ORION is committed to keeping our digital community safe by helping improve their cybersecurity posture. ORION is directly engaged in providing cybersecurity support and advice to approximately 40 universities and colleges in Ontario, and for some institutions in other provinces.

As a workplace, ORION has a culture of inclusion, mutual respect and teamwork. Equity and diversity are an integral part of our commitment to innovation, connectivity and community. We encourage applicants from women, persons with disabilities*, Indigenous peoples, racialized people and others who may contribute to the further evolution of our network.

Reporting Relationship:

  • This position reports directly to the CISO.

Salary and Benefits:

  • Flexible work-from-home policy
  • Comprehensive health and dental benefits
  • Generous vacation and holidays
  • Many other perks

What We Need:

The ON-CHEC Security Analyst will support the universities and colleges participating in ON-CHEC (Ontario Cybersecurity Higher Education Consortium) from both strategic and tactical perspectives. The successful candidate will work in partnership with member groups to support cybersecurity related governance, technical and operational solutions. These may include supporting institutions in building or updating roadmaps; testing/assessing security controls; conducting risk assessments; crafting security programs and projects; conducting tabletop IRP exercises; as well as the sharing of threat intelligence and best practices among ON-CHEC members.

Candidates will be self-starters with excellent written and spoken communication abilities, and an exceptional capacity to understand our community’s needs. We are looking for a team-oriented individual with strong professional ethics.

Key Activities:

  • Responsible for key deliverables of the ON-CHEC Program, while assisting constituents with cybersecurity projects, solutions, and deliverables
  • Provide our constituents (universities and colleges) with support for their cybersecurity program & roadmap
  • Working with a number of frameworks such as NIST and CIS
  • Provide advice regarding institution security tools, best practices, and incident response/recovery approaches
  • Develop content for monthly ON-CHEC webinars
  • Participate in and/or lead ON-CHEC working group activities
  • Advise on Information security programs to counter evolving threat landscapes
  • Advise on strategies and recovery plans in the event of an incident
  • Advise on the performance of penetration tests or “red teaming” on infrastructures, networks (internal/external), physical security, wireless technologies
  • Provide regular security analytics reports for management review with identified risks, identities, threats, and vulnerabilities along with recommended remediation actions
  • Analyze and decipher information from multiple systems to identify cyber events and promptly alarm through reporting chain
  • Perform security monitoring and traffic/data analysis
  • Interface with other functional areas (internal/external) – examples include SECOPS and industry partners

Qualifications:

  • Bachelors or master’s degree in computer science or information systems security or equivalent experience
  • Assets include:
    • CISSP or other relevant certifications
    • 5+ years of experience in Cybersecurity or Information technology, ideally as part of a higher education institution

Knowledge and Skills:

  • Passion for cybersecurity and knowledge of attack methods, tools, tactics, and techniques
  • Experience in, or appreciation of, the unique challenges and risks faced by the higher education sector in Canada
  • Basic knowledge of NIST CSF and CIS controls framework
  • Experience with risk management and governance
  • Basic ITSM foundation knowledge regarding Incident Management, Service Request Management and Change Management
  • Foundational knowledge of IT including Cloud technologies and technical security controls
  • Real world experience with Incident Response
  • Knowledge of behaviours of different types of threat actors
  • Excellent analytical capacity
  • Dynamic and self-directed
  • Curiosity and well-informed of current trends in cybersecurity
  • Excellent written and spoken communication qualities are essential

Applications:

Please apply to jobs@orion.on.ca with the subject line: ORION ON-CHEC Security Analyst

*Accommodations are available on request for candidates taking part in all aspects of the selection process.