Description
Job Title: Information Security Analyst
Location: Mississauga, ON (Hybrid)
Reports To: Manager, IT Cyber and Information Security
Just Energy and its subsidiaries are an equal opportunity employer. We are committed to building a workforce that reflects the communities we serve and to promote a diverse, inclusive, accessible, merit-based, respectful, and equitable workplace. We invite all interested individuals to apply.
Who is Just Energy?
Just Energy is a retail energy and consumer company focused on essential needs, including electricity and natural gas, health, and well-being, such as water quality and filtration devices; and utility conservation, bringing energy efficient solutions and renewable energy options to consumers. Currently, operating in the United States and Canada, Just Energy serves residential and commercial customers. Just Energy is the parent company of Amigo Energy, Filter Group Inc., Hudson Energy, Interactive Energy Group, and Tara Energy. Learn more at: www.justenergy.com.
Job Summary
As the Information Security Analyst, reporting to the Manager, IT Cyber and Information Security, you will foster strong relationships with business partners, including IT, internal audit, SOC vendors, and other compliance and risk stakeholders within Just Energy. In your capacity, you will effectively position your team to understand, articulate, and influence the IT Risk and Compliance (ITRC) strategy, plans, results, issues, and outcomes. As a project leader, you will frequently communicate with executives to represent and discuss IT risks and compliance positions, including consultation with the Manager of IT Cyber and IS. You will also lead efforts to govern, communicate, and educate staff on the adherence to risk and compliance policies, standards, processes, and procedures.
You will lead in a highly complex, fast-paced matrixed environment, with tight deliverable timeframes and multiple internal and external stakeholders to IT. We expect you to act independently and demonstrate strong initiative, influence outcomes, minimize and address conflicts, and demonstrate an in-depth understanding of risk management activities and business risks and control environments.
The role requires a sense of urgency, passion for results, and personal accountability for achievement. The successful candidate must possess expertise in process, technology, and business acumen, along with strategic and innovative thinking and an unwavering focus on security and our customers. Your strong leadership and relationship skills, resilience, and ability to effectively communicate will be vital in driving results the right way in our entrepreneurial environment.
Key Responsibilities
Identification of Information Security issues.
Participate in the development of security architecture solutions.
Monitor emerging security threats, along with evaluate and recommend mitigation strategies.
Maintain necessary documentation to support security strategy by outlining the requirements and benefits of specific security tools and/or solutions.
Document and communicate security incidents, vulnerabilities, and the current state of the system.
Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
Daily Scanning, Implementing, and maintaining information security tools and documentation
Provide support to internal teams with security concerns
Responsible for spam prevention and monthly vulnerability Scanning
Responsible for updating Blocklists and Allow lists for our various in-house rules.
Working with 3rd party companies to resolve spam complaints, and backlisting.
Supporting the annual external audit
Perform other duties as assigned
Monitor information security requirements, policies, and compliance
Document and communicate security incidents, vulnerabilities, and the current state of the system.
Facilitate security risk management activities, advise on threats, vulnerabilities, and mitigation strategies
Daily Scanning, Implementing, and maintaining information security tools and documentation
Provide support to internal teams with security concerns and with security incident response
Responsible for Spam Prevention and monthly vulnerability Scanning
Responsible for updating block lists and allowing lists for our various in-house rules.
Working with 3rd party companies to resolve spam complaints and black listings.
Supporting the annual external audit
Perform other duties as assigned
Qualifications
2+ years of experience in Information Security, Cybersecurity, and advanced threat protection
2+ years of experience with Data Discovery and Data Classification strategies
BA or BS degree in CS or IT preferred Computer Science or Engineering or related field.
Experience in information security covering, Infrastructure, Web applications, software development, cloud, System, and Network Operating systems.
Experience with computer network penetration testing and techniques.
Ability to identify and mitigate network, web application, and software development vulnerabilities and explain how to avoid them.
Understanding of patch management with the ability to deploy patches promptly while understanding business impact.
Working knowledge of the following IT Compliance, Standards, and Frameworks:
o National Institute of Standards and Technology (NIST) Security Standard
o Cybersecurity and Information Security
o Payment Card Industry Data Security Standard (PCI-DSS) requirement.
o Open Web Application Security Project (OWSAP) Top Ten Vulnerabilities
o Common Vulnerabilities and Exposures/Weaknesses
o ISACA -COBIT for Information Security
o Microsoft Windows Server/Workstation administration and security
o Application and Network Penetration Testing with one or more of these products (Rapid7, Veracode, Qualys Guard, Burp Suite, etc.)
o Administration/Security of Cisco Routers/Switches and other WAN/LAN/WLAN/VPN/Firewall Technologies
o Mcafee ePO, Solidcore, DLP (Devicelock), FIM (Cimtrak), DAM (Imperva), SIEM (Arcsight), and endpoint security management
o Working experience with the following tools - IDPS, MITRE, SIEM, SOAP, WS Security, PowerShell & Bash, and Python scripting
Professional Certificates and Registration Required
CISSP/GIAC/CCSP certification will be nice to have or work toward any of them.
Working knowledge of the following domains will be a plus
ISO IEC 27001 L.A (ISMS)
Certified Ethical Hacker (CEH)
Qualys Certified Specialist (QCS)
Cisco Certified Network Professional (CCNP)/ Cisco Certified Network Associate (CCNA)
Microsoft Certified IT Professional (MCITP)
Microsoft Certified Systems Administrator (MCSA)
Microsoft Certified Technology Specialist (MCTS)
Understanding Knowledge of the following standards and frameworks will be an advantage.
Knowledge of Microsoft O/S, Identity Management and AD, Azure AD, ADFS
Good understanding of Network equipment, O/S, and configuration. Cisco IOS, NX-OS, PaloAlto Firewalls, Meraki
Working knowledge of IT standards - ISO27001 and ITIL, Framework -, NIST, OWSAP
Knowledge of routing protocols (OSPF, BGP, IGRP/EIGRP) and MPLS.
Fundamental knowledge of IP-based applications, experience with security threats and security tools to mitigate the impacts of those threats preferred.
Just Energy
5251 Westheimer Rd
Houston
Texas United States
www.justenergy.com
