Reporting to the Manager, Cyber Security & Governance, the Cyber Security Analyst will contribute to and influence the improvement of the organization’s cyber security posture through the establishment of services and processes that enable security-by-design as well as continuous control monitoring, assurance and provable security. The incumbent will participate in the execution of the enterprise cyber security roadmap and plan.
- Backfill for security team members, as needed.
- Participate in the Cyber Security Response Team for all Security incidents.
- Participate in Incident Response Drills, including facilitating the drills and developing scenarios for them.
- All other work, as assigned by the Manager, Cyber Security & Governance.
Specific Responsibilities/Accountabilities – Governance & Control:
- Support the UFA PCI DSS compliance program, including maintaining the PCI evidence book, validating UFA PCI scope, maintaining the data flow diagram, testing PCI DSS controls, and providing oversight of all PCI activities.
- Accountable for managing UFA IT & cybersecurity governance framework materials (policies, controls, standards). Facilitate IT governance conversations with IT and business stakeholders to help ensure positive and deliberate outcomes.
- Manage the Cyber Security Assessment & Authorization Process.
- Deliver and report cybersecurity metrics that provide stakeholders with situational awareness and provide quality information for risk-based decision making.
- Collaborate with internal and external stakeholders to identify all related IT & cybersecurity effectiveness targets and metrics.
- Assist in developing business process maps and requirements based on analysis of metrics to develop continuous improvement initiatives.
- Evaluate IT & cybersecurity control gaps and work with applicable stakeholders to recommend solutions.
- Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- Participate in the Risk Governance process to provide security risks, mitigations, and input on other technical risk.
- Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
- Promote the desired outcome of controls described in the UFA IT Control Framework.
- Provide assistance to stakeholders in identifying and resolving IT & cybersecurity control gaps and deficiencies.
- Monitor the remediation status of IT & cybersecurity control gaps and deficiencies.
- Maintain the IT governance dashboard and report on governance activities.
- Support the preparation of progress reports based on performance metrics for IT risk, the cyber security program, and the major risk mitigation plan and security incident resolution.
- Assist and participate in the execution of security control validation activities, including but not limited to penetration testing, vulnerability assessment, incident response drills and attack simulation exercises.
- University degree or post-secondary diploma in Computer Sciences, Information Systems, business or a related discipline. An equivalent combination of education, training and progressive related experience would also be considered.
- Deep understanding of cyber security & IT control auditing in a hybrid cloud environment required.
- More than 9 years IT related background with 5+ years of experience in at least 4 of the following Cyber Security domains:
  - Security & Risk Management
  - Asset Security
  - Security Architecture & Engineering
  - Communications & Network Security
  - Identity & Access Management
  - Security Assessment & Testing
  - Security Operations
  - Software Development Security
- A strong working knowledge of security architectures in a hybrid cloud environment required.
- Strong knowledge of security standards and frameworks, including PCI-DSS, NIST CSF, and ISO 27002.
- General cyber security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA) or Certified in Risk & Information Systems Control (CRISC) in good standing.
- Knowledge of risk assessment procedures, policy formation, role-based authorization methodologies, authentication technologies, and security attack pathologies.
- Deep understanding of cyber security and the relationship between threat, vulnerability, and information value in the context of risk management.
- Experience implementing or leading Payment Card Industry - Data Security Standard (PCI DSS) programs. Candidate must be qualified to obtain the Internal Security Assessor (ISA) designation.
- Solid understanding of IT & security frameworks including ITIL, ISF, COBIT, NIST CSF and ISO 27001.
- Strong knowledge of cloud architecture security and deployment of security controls in a cloud environment (e.g. MS Azure, etc.).
- Strong knowledge of Security Governance, Risk & Compliance, and security audit practices.
- Ability to work under pressure, facilitate discussion, decision-making, and conflict resolution.
- Proven interpersonal and collaborative skills, with the ability to communicate information security and risk-related concepts to technical and nontechnical audiences at various hierarchical levels.
- Excellent organization/project planning, time management, and change management skills across multiple functional groups and departments.
- Familiarity with emerging IT trends such as cloud services, APIs, DevSecOps, and NoOps.
- Background in IT auditing or risk advisory services is an asset.
External Applications: Please send your cover letter and resume to email@example.com and quote the posting number in the subject line.
Internal Applications: Please email your resume, the completed form (Application For In-House Position) and the posting number to firstname.lastname@example.org.
We thank all candidates for their interest; however, only qualified candidates will be contacted for an interview.
UFA Co-operative Limited is an Alberta-based agricultural co-operative with more than 120,000 member-owners. Founded in 1909, UFA's network comprises more than 111 bulk fuel and Petroleum Cardlock locations, 34 Farm & Ranch Supply stores and a support office located in Calgary. Independent Petroleum agents and more than 950 employees provide products, services and agricultural solutions to farmers, ranchers, members, consumers and commercial customers in Alberta, British Columbia, and Saskatchewan.