Information Security Analyst

Job Description

Reporting to the Information Security Officer (ISO), Information Technology Services (IT Services), the Information Security Analyst (IS Analyst) participates in activities pertaining to protecting the confidentiality, integrity, and availability of information assets and information systems of importance to the University. The IS Analyst’s primary focus is to develop and maintain cybersecurity awareness and education for staff, faculty and students across the University so that they become great cybercitizens and fulfill their mandate with confidence. The IS Analyst is an experienced technologist who is creative and curious with an insatiable drive to solve problems beyond a tactical level. Possessing an ability to transform meaningful data into digestible insight for diverse audiences, the IS Analyst enjoys sharing information, stories, and insight to foster a security-aware culture while advocating for information security and providing expert knowledge and education to the Queen’s community.
 
KEY RESPONSIBILITIES:
Cybersecurity Education and Awareness:

Designs, develops and maintains a comprehensive cybersecurity education and awareness program for Queen’s University using automated tools for the purposes of ongoing awareness about cyber threats and education. This includes the development of the goals, approach, roles and responsibilities, tools, resources, delivery model, and activities for ongoing employee awareness and training. 
Evolves the cybersecurity education and awareness program in a changing threat landscape.
Designs, develops, maintains, and administers the security awareness and education training material and associated tools. This includes the development of a service used anytime by the University community to gain awareness and knowledge of cyber threats and how to prevent, identify and respond to them.
Delivers security awareness training through extensive coordination with Queen’s administration, departments, and faculties. This includes the creation of awareness campaigns, corresponding exercises and performance reporting.
Develops and maintains policy instruments that support the cybersecurity education and awareness program goals such as continual training in cybersecurity practices.
In collaboration with the Security Operations team and IT Support Centre, develops and maintains a guidance program and services for IT Support staff to address commonly known cybersecurity conditions.
Develops procedures and technical specifications to support the day-to-day operations of the training tool including technology configurations, data sources, recovery time objective, SLA, etc.

 
Information Security Program Management Support:

Maintains the document repository and associated workflows for the Information Security Management Program and associated programs, services, and activities.
Supports the ISO in the development of measurement criteria for evaluating the performance of the University’s Information Security Management Program and associated services. Identifies, collects and analyzes data, and recommends changes for improvement.
Collaborates and fosters partnerships with administration and academic peers and managers on information security practices and issues. Liaises on security matters with other institutions, vendors, and external partners on behalf of the University.
Updates the IT Services Security Website ensuring website content reflects the information security services.
Prepares, conducts, and participates in IT Business Continuity exercises.
Maintains the University’s cybersecurity incident management and response plan.
Assists the ISO with coordination of security projects and activities.
Acts as an information security subject matter expert, providing technical and business advice and guidance.

 
Governance, Risk and Compliance Support:

Assists the ISO with technical implementation and changes to security policy instruments for compliance with internal and external policies, requirements, and applicable laws.
Maintains the University’s data classification standard and associated tools.
Participates in security audits and attestations, and practice reviews.
Assists the ISO with the coordination of information security plans with outside vendors.
Conducts research on threats and emerging security technologies and recommends changes to practices and services.
May participate in business, technical, and other projects as a security subject matter expert.
When called upon to participate on an incident response team, may: analyze security incidents to determine the root cause, identify actions in response to threats and breaches, and recommend appropriate tools and countermeasures.

 
REQUIRED QUALIFICATIONS:

University degree in Computer Science, Information Management, Cybersecurity Management, or related field with a minimum of 3 years’ experience in a security-related role.
Completion or working toward a recognized security certification such as CISSP, CSX or GSEC.
Experience with enterprise-level information security is considered an asset.
Analyst experience in Information Technology domains of practice such as networks, applications, and database management at the enterprise level.
Excellent verbal and written communication skills including experience in writing technical documentation.
Experience delivering security awareness information to general users.
Experience configuring technology (e.g. operating systems, applications, database).
Knowledge of access principles and role-based access, threat risk assessment methodologies, risk management principles and procedures, disaster recovery and enterprise high-availability, attack scenarios and preventative security practices.
Knowledge of cybersecurity standards and frameworks (e.g. NIST, Cloud Security Alliance), information security products, and data protection techniques.
Understands IT industry best practices and resources to ensure continuous optimization of delivery effectiveness.
Consideration may be given to an equivalent combination of education and experience.

 
SPECIAL SKILLS:

Working with Others: actively seeks ideas from multiple sources for consideration to improve the performance of the team(s). Shares thoughts and information with all levels of expertise. Ensures that one’s own behaviour does not negatively impact others when faced with complex situations.
Inclusivity: welcomes an inclusive environment and coaches others to address and support those who may feel vulnerable. Ensures the diverse group receives opportunities for fair treatment regardless of background.
Communication: takes a lead role to communicate to multiple audiences and easily explains complex information to ensure the message is understood.
Customer Service and Support: actively engages the customer or team member and evaluates their needs in a timely manner. Establishes plans and organizes work to meet or exceed the deadlines. Periodically conducts plan reviews, provides an update to the client/customer, and recommends any process efficiencies.
Planning/Organizing: takes an active role in analyzing problems regarding resources/deliverables that may impact deadlines or standards and escalates for discussion and resolution. Plans medium-term requirements and provides insight into scope of potential problems and identifies possible solutions. 
Continuous Improvement: coordinates team(s) and together they identify ways to improve department processes and quality of customer service. Solicits feedback from multiple sources to identify ways to become a more highly functioning team. Actively participates in continuous learning and sets the department standard.
Attention to Detail: takes a lead role to implement efficient systems to ensure that high quality work is consistently maintained by self and others. These actions include careful monitoring of work that meets standards and project plan deadlines. 
Adaptability and Support for Change: takes an active role to positively support team members through change. Supports change by generating new ideas and offering suggestions that will benefit the team.

 
DECISION MAKING:

Assesses, determines and recommends security requirements for data and systems protection.
Determines functional requirements, assesses technical solutions relative to functional requirements, conformance to the University standards, and ability to integrate within the Queen’s security reference architecture.
Assists with the planning of new initiatives within the security team or unit and, upon request, technological initiatives for other units and departments. Contributes information to project planning and execution.
Allocates one’s own time such that objectives are achieved, operational requirements are met, or to ensure project completion, based on the workload priority.
Determines when to involve senior staff in resolving complex or sensitive problems.

 
Applicants apply using the link below:
clients.njoyn.com/CL4/xweb/xweb.asp?clid=74827&page=jobdetails&jobid=J0319-0561&BRID=EX121464&SBDID=1&LANG=1