Security Analyst

About the job

At the Trudell Medical Group of Companies our vision is to provide patients throughout the world with medical devices and services that make their lives better. The Group manufactures and globally markets some of the leading brands in respiratory care, including the AeroChamber® brand of valved holding chambers, the Aerobika® brand of OPEP devices, and the AeroEclipse® brand of nebulizers. Trudell Medical Limited is the Corporate entity within the Trudell Medical Group of Companies and operates out of our offices in London, Ontario Canada.

Security Analyst is a role in our Corporate IT Network and Security team.

This is an office-based role with the option of a hybrid work arrangement.

Must be available to come into the London, Ontario office 3 days per week.

Your success in this role will be grounded in your values as a person who always acts with integrity and who treats everyone with respect. You continuously improve the systems and processes around you, and you take accountability for your work. You thrive in a team environment where you are open to learning from others, adjust to others’ styles, and drive hard to reach shared objectives. You have the ability to manage requirements elicitation activities with a variety of stakeholders and manage a workload that involves tasks from concurrently running initiatives.

You have a post-secondary diploma in IT with a concentration in cybersecurity and 7+ years of experience in the cybersecurity field.

You possess knowledge of security and control-based frameworks such as NIST, COBIT, CSF, SOC2, and ISO as well as firewalls, proxies, SIEM, antivirus and IDPS concepts. You are also knowledgeable in MITRE ATT&CK and OWASP, cybersecurity certification (ISC, GIAC) and cloud security fundamentals.

Reporting to the Manager, Network and Security, you will analyze the design and operating effectiveness of controls within cybersecurity programs amongst the Trudell Medical Group of companies (“TMG”). You will also collaborate with operating company technology and development teams to ensure implementation and execution of cybersecurity deliverables, in support of risk reduction, compliance and reporting frameworks.

Specifically, you will focus on:

Design and Operating Effectiveness of Cybersecurity Controls

• In collaboration with TMG technology and development teams, and supported by third-party specialists, contribute to the design and implementation of cybersecurity controls
• Obtain a depth of understanding in company IT infrastructure, extending to include operating systems, development environments, firewalls, VPNs, proxies, security and information event management systems (SIEMs), among other technologies
• Assist in program management and task execution across multiple cybersecurity program and SOC2-specific deliverables, including: periodic penetration tests and network scans, threat risk assessments, security operations center alert configuration, business continuity and disaster response plans and tabletop exercises, ransomware simulations, incident response tabletop exercises and SOC2 readiness
• Proactively direct internal technical teams where required to facilitate contributions to, and timely completion of, cybersecurity control-related tasks, remediation, etc.
• Document process and procedure changes required to maintain program compliance
• Internally promote best practices for information security
• Assist with managing vendors and their third-party support

Auditing and Reporting

• Document cybersecurity program control effectiveness assessments and internal audits, and prepare reports for key stakeholders
• Validate cybersecurity control evidence where required to support SOC2 compliance
• Recommend changes to controls or areas of improvement where appropriate
• Contribute to updating cybersecurity policies where appropriate

Incident Response

• Investigate security alerts and breaches
• Assist with event response and vulnerability fixes when required
• Conduct threat research and stay current in the cybersecurity field
• Participate in cybersecurity training events for the benefit of the OpCos
• Perform forensic investigations of security control violations and escalated incidents

Apply today!