Information Security Analyst

This position is a part of the Non-Academic Staff Association (NASA).

This position offers a comprehensive benefits package which can be viewed at: Faculty & Staff Benefits .

Location - This role is hybrid with a mix of remote and in-person work at North Campus Edmonton.

Working for the University of Alberta

The University of Alberta acknowledges that we are located on Treaty 6 territory, and respects the histories, languages and cultures of First Nations, Métis, Inuit and all First Peoples of Canada, whose presence continues to enrich our vibrant community.

The University of Alberta is teeming with change makers, community builders, and world shapers who lead with purpose each and every day. We are home to more than 40,000 students in 200+ undergraduate and 500+ graduate programs, over 13,000 faculty and staff, 260,000 alumni worldwide and have been recognized as one of Canada’s Greenest Employers for over a decade.

Your work will have a meaningful influence on a fascinating cross section of people—from our students and stakeholders, to our renowned researchers and innovators who are quite literally curing diseases, making discoveries and generating solutions that make the world healthier, safer, stronger, and more just.

Working for the Office of the Chief Information Security Officer

As part of the University of Alberta's Information Services and Technology (IST) portfolio, the Chief Information Security Officer (CISO) in a post-secondary environment oversees all aspects of information security within the institution. Their primary responsibilities include developing and implementing comprehensive security policies and procedures to safeguard sensitive data and intellectual property. The CISO also leads efforts to identify and mitigate cybersecurity risks, including monitoring network infrastructure and responding to security incidents. They collaborate closely with other departments to ensure compliance with relevant regulations and standards, as well as providing training and awareness programs to educate staff and students about best practices in cybersecurity. Ultimately, the CISO plays a critical role in maintaining the integrity and confidentiality of the institution's digital assets and infrastructure.

Position 

Reporting to the Manager, Information Security, the Information Security Analyst is responsible for the operation, application, investigation, and enforcement of IT/InformationSecurity systems and policy for the University of Alberta. The incumbent will be responsible for a wide range of technologies including next-generation firewalls, anti-malware systems, remote access technologies, security incident response and vulnerability management tools to ensure the availability, integrity, and confidentiality of University data and technical resources. The incumbent will also be responsible for education and awareness related to cybersecurity including presentations on the topic across campus. The Information Security Analyst will have a broad understanding of network, server, workstation and internet security concepts and be able to effectively communicate them to a wide variety of audiences. They will provide input and assistance to the Office of the Chief Information Security Officer on campus-wide initiatives and provide security subject matter expertise to all faculties, departments, and units at the University. The successful candidate can look forward to an energetic, professional team environment where there is a commitment to personal and professional growth.

Duties 

Security Configuration Management: 

• Ensures threat prevention and detection systems are updated and fully integrated.
• Maintains rule and policy aspects of next-generation firewall deployments.
• Collaborates with stakeholders on dependency and shared responsibilities. 

Vulnerability Management:

• Identifies and prioritizes vulnerabilities in University assets using automated and manual tools.
• Provides stakeholders with understandable assessment results.
• Ensures current code releases and bug fixes are implemented in vulnerability management tools. 

Security Incident Response:

• Acts as a first responder for potential system breaches and account compromises.
• Maintains forensic integrity and chain-of-custody for analyzed media.
• Investigates abuse involving University networks, adhering to privacy requirements. 

Anti-Malware Management: 

• Maintains various anti-malware technologies and integrates them with other security tools.
• Reviews logs for risk assessment and submits unknown files for analysis.
• Collaborates with external malware analysis service providers and manages anti-malware policies. 

Education, Awareness, and Consulting:

• Assesses security risks and assists in creating policies to mitigate them.
• Provides guidance on secure deployment of IT projects and delivers training on cybersecurity topics.
• Coordinates campus-wide campaigns promoting safe online habits and supports privacy and security reviews. 

On-Call and After-Hours Support:

• Participates in 24x7 on-call rotation and responds to after-hours security requests.
• Troubleshoots unexpected outages and collaborates with other teams for resolution.
• Ensures Information Security Analyst availability throughout the year.

Minimum Qualifications

• Post-secondary education in a related field OR 3 years experience in a pure security role is preferred. Consideration will be given for applicants with similar experience or qualifications. 
• Any combination of one or more of the following professional designations is preferred: CISSP, CEH, GSEC, CompTIA Security+, Cisco CyberOps, Cisco CCNP Security, Cisco CCIE Security. Consideration will be given for certifications not listed here that are relevant to the specific position.

Preferred Qualifications

• Knowledge of network protocols such as TCPIP/ICMP/UDP, encryption fundamentals, next-generation firewalls, virtual private networks, anti-malware techniques, vulnerability management, mobile device management, threat detection/prevention technique and security incident response processes are preferred.
• Knowledge of Windows, Mac and Linux operating systems.
• Knowledge of current and emerging threats and technologies related to information security.
• Knowledge of FreshService ticketing system.
• Knowledge of Information Technology Service Management (ITSM) concepts.
• Excellent written and oral communication skills.
• Excellent presentation skills and the ability to communicate complex topics and ideas to a wide variety of audiences.

At the University of Alberta, we are committed to creating an inclusive and accessible hiring process for all candidates. If you require accommodations to participate in the interview process, please let us know at the time of booking your interview and we will make every effort to accommodate your needs.

Note: Online applications are accepted until midnight Mountain Standard Time of the closing date.

We thank all applicants for their interest; however, only those individuals selected for an interview will be contacted.