IT Security Specialist
Do you thrive in a fast-paced, dynamic environment? Are you a collaborative team member with experience providing technical support and analysis of the IT Security environment?
Are looking to take on a new challenge? If you answered yes to these questions, consider applying for the role of It Security Specialist at CARFAX Canada!
Every day, Canadians rely on our insights to make one of the biggest decisions of their lives. As the country’s #1 provider of automotive history and valuation insights, we’re always innovating to make buying and selling used vehicles easier for all Canadians.
At CARFAX Canada, you’re not just another employee. You’re a critical contributor to the big picture and rely on data when making important decisions. You have a future mindset and are motivated to grow with us. You have a thirst for learning new things and building your skillset. You dream big and chart your own career path. You don’t settle for what’s quick and easy because you value quality. You know that the best teams are built on trust, so you use your voice to collaborate and create real change. You believe in taking the time to celebrate wins and have fun. You know leading a balanced lifestyle in a supportive work environment is important. You’re not just another employee. You are a CARFAX Canadian!
CARFAX Canada is looking for an IT Security Analyst who will own the security portion of the company and all of its products and services. Reporting to the Director of Technical Operations, they will support the development, implementation, monitoring, and maintenance of security controls, processes, procedures, and systems. This role provides guidance and management for information security projects and technical requirements.
If you love a challenge and have a passion for cloud-based software, we want to hear from you!
- Owns the security position of the company and all its products and services, including PCI compliance, security monitoring, audits, and overall compliance tasks related to security.
- Supports security technology to ensure proper operation, including upgrades and installations
- Responsible for initiating, architecting and implementing CFC security program.
- Conduct system security and vulnerability analyses and perform risk assessments.
- Act as an internal security consultant for system and network architecture design reviews.
- Perform network and code vulnerability testing as well as assist responsible parties in understanding and addressing vulnerabilities.
- Create cybersecurity awareness content and educate personnel on security threats and best practices.
- Performs product evaluations, recommends and/or implements products and services for the security stack.
- Act as the primary technical lead for information security incidents and performs forensic investigations of intrusions and other cyber security events to determine root cause.
- Provide recommendations for appropriate adaptation of the security environment to meet new demands.Reports, records and works with departments to resolve security related issues and incidents.
- Responsible for analyzing, developing, implementing and enforcement of security, privacy and data protection requirements, policies and corporate technical guidelines.
- Identify risks to the business by evaluating business objectives, system requirements, designs and integration points.
- Monitor and continually improve overall cybersecurity, including application security, network security, data security, and mobile security.
- Establish actionable security levels to address risk, define mitigation strategies, metrics, reporting and program services.
- Create maturity models and roadmaps that ensure continual program improvements.
- Research information security standards.
- Coordinate and track third-party penetration testing including scope, timelines and outcomes.
- Evaluate, source, implement, and support managed security services and consultants.
Education, skill and experience required:
- Bachelor's degree in computer science/related technical field or equivalent experience.
- 10+ years’ experience in the IT industry with at least 5 years’ experience in security/ cyber security.
- Strong experience and knowledge in IT security standards, risk, compliance regulations and best practices such as ISO 27001, ISO 27002, NIST, Soc1&Soc2 for Cyber security, OWASP, PCI DSS
- Strong familiarity with architecting and executing security program, designing and writing security policies and procedures, communicating and evangelizing security principles and concepts
- Experience in security architecture and implementation on native cloud environment preferably Microsoft Azure.
- Extensive experience in log analysis processes and technologies such as Splunk.
- Hands on experience in implementing security solution such as configuring firewall and installing, and configuring WAF tools such as Akamai, and Identity and Access Management (IAM).
- Strong understanding and knowledge in all aspect of Application Security Testing (AST) tools and processes.
- Knowledge of IP protocols, networks, security architectures and security threats in an IP network.
- Knowledge of incident handling and response, exploit analysis, tool deployment, network intelligence gathering, incident analysis, reverse engineering of attacker methods, digital forensics methods and procedures, eDiscovery, and demonstrated analytical analysis of information security and intrusion analysis.
CARFAX Canada’s core values are: Integrity, Objective, Customer Advocate, Solutions-Oriented and Transparent. The successful candidate will share these values.
Compensation includes base salary commensurate with experience, performance bonuses, health/dental benefits and an optional RRSP match program.
If you are interested in applying for this position, please visit our website. https://www.carfax.ca/about-carfax/work-at-carfax. Applications will be accepted until a suitable candidate is found.
We thank all applicants for their interest; however only those selected for an interview will be contacted.
CARFAX Canada is committed to providing accommodations for people with disabilities. If you require an accommodation during the application or selection processes, please advise in your cover letter.