Information Security Analyst
Toronto, Ontario /
Inkblot Labs – Security /
At Inkblot Labs, we believe in helping Canadians get the health care they need, when and where they need it.
We create apps and services that make it easier, more accessible and more affordable for Canadians to get the care they need. We believe in the power of technology to let you live a healthier, happier and more meaningful life. And with this passion, we’re making practical solutions to everyday problems..
Interested in building high-impact health products? You’ll fit right in.
Life at Inkblot Labs
We are founders, entrepreneurs, designers, and technologists coming together to build, launch, and scale products and companies solving painful problems in the Canadian health space. We love solving big challenges and are focused on providing Canadians with better access to the care they need.
About the opportunity
We are looking for someone to develop and implement technological controls and Information Security related policies, programs and tools. You will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect assets.
What you'll be doing
- Perform all tasks necessary to ensure the protection of information systems assets from intentional or inadvertent access or destruction.
- Analyze security needs based on the sensitivity or proprietary nature of the data, and ensure all systems are utilized for management-approved purposes only
- Provide information security governance expertise and guide the administration of security tools that control and monitor information security, including:
- Update access control tables
- Set up user logon IDs and assigning/resetting passwords
- Design computer system access reports to identify possible security violations
- Assist in developing and maintaining effective business continuity plans, processes, and procedures necessary to recover business services in the event of a declared disaster, providing direction and in-house consulting in these areas
- Provide working knowledge of the day-to-day operating environment, available tools, operating techniques, and customer applications.
- Train information owners and officers in the implementation of necessary computer security controls or new upgraded security software and devices. Assist with development and implementation of information security educational programs, conducting awareness seminars and workshops as appropriate
- Contributes to the maintenance of technical reference library; assists with development of technical information materials and workshops on these new areas for IT as appropriate
- Coordinates efforts with various project teams ensuring control techniques are incorporated into the overall security model regarding operating systems, applications, database management and network management.
- Generates information security governance reports, performs testing of security modifications.
- Contributes to the development and maintenance of regular reporting and metrics
- Contributes to the development and maintenance of KPIs, KRIs, and SLAs
- Assist in the coordination and completion of security documentation (build documentation, and end-user job aides/training)
- Represent IT Security as a subject matter expert for security requirements and controls
- Define and recommend/implement security requirements, controls, policies, processes/procedures, and best practices to meet and facilitate various business requirements and enforce compliance
- Develop and manage implementation plans for Security projects, applications, and operations.
- As a project lead or stakeholder assist with the resolution of complex technical problems that will have an impact on project deliverables or integration engagements.
- Keep abreast of security trends, emerging cyber security threats, security tools, best practices, and applicable compliance regulations.
- Participate in the selection of security tools and/or partners that will improve security posture.
- Assist in the development of business cases, and detail requirements for security-related technologies.
- Work with vendors to provide security guidelines and ensure security and privacy standards are met.
- Lead or assist with simulated events to evaluate and improve security preparedness and response plan.
- Participate and assist in incident response and forensics activities.
- Foster and Promote security awareness and security culture among all levels of stakeholders in day-to-day projects and operations.
- Assist with the creation and delivery of cybersecurity awareness training.
- Assist with internal and 3rd party security audits.
- Assist with RFP/RFI response assessments, Acquisition analysis and risk assessments, and 3rd party provider analysis and risk assessments
- Maintain an information security risk register and track remediation efforts.
- Provides coverage for off-business hours and weekends.
Skills and Experience Needed
- Technical proficiency in security-related hardware and software; ability to function as a consultant to other IT groups on security matters as a recognized information security governance expert and to lead teams
- IT Security designations (CISSP, SANS GIAC, CCSP/CCSK, CRISC, CISA, CDPSE) considered an asset.
- Experience with Data Protection Programs and Data Loss Prevention technical solutions (Microsoft, Zscaler, Proofpoint, etc.)
- Experience in analyzing business problems, defining conceptual and detailed security requirements for enterprise applications and information technology.
- Knowledge of cryptography (PKI, digital signatures, SSL/TLS).
- Experience with NIST Cybersecurity Framework, CIS Top 20 Critical Controls and Benchmarks, and ISO 27001/27002 would be considered an asset.
- Knowledge of MITRE ATT&CK framework
- Knowledge of security controls and measures to take within a Cloud Native environment.
- Familiarity with Cloud Security and experience in infrastructure, data protection, identity, or auditing security (Azure, AWS, GCP).
- Extensive theoretical and technical knowledge of Endpoint/Server security, Application defense strategies, Application-level security, Storage and Network configuration security, Identity, and Authentication strategies, and technologies would be considered an asset.
- Clear and effective written and oral communication skills and the ability to communicate to all levels of internal and external customers including Auditors.
- Proven analytical abilities, problem-solving skills, and able to work at an abstract level.
- Experience with security tools; Identity Lifecycle Management, authentication technologies, and network monitoring would be considered an asset.
- Ability to effectively adapt to and apply rapidly changing technology to business needs
- Strong knowledge and understanding of business needs, with the ability to establish and maintain a high level of customer trust and confidence
- Strong analytical and problem-solving skills
- Strong customer focus and ability to manage client expectations
- Solid oral and written communications skills; ability to present and discuss technical information in a way that establishes rapport, persuades others, and gains understanding
- Solid project management skills, especially in a cross-functional environment
- Strong team-oriented interpersonal skills; ability to effectively interface with a wide variety of people
Our Commitment to Your Health:
We pride ourselves on offering flexible and comprehensive benefits for you and your dependents, covering medical, dental, mental health and more. At Inkblot, we also understand that life happens. When it does, we offer flexible work hours for the times when you need to put your health, family, or well-being first.
We believe the best workplace cultures are where every voice is valued and every person feels comfortable bringing their authentic selves to work. Diversity and inclusion are ingrained in our DNA.
Inkblot Technologies Inc. is an equal opportunity employer. Whatever you need to be successful, we will support you. If you need accommodation during the recruitment process or a few questions answered, please let us know at firstname.lastname@example.org