Location: Canada, ON, WaterlooApply Now
Working in the Global Information Security team, the Security Analyst will be expected to understand a wide array of IT security controls, secure product and solution development, processes and concepts. The Security Analyst will provide extensive support for product and solution security architecture reviews, network connectivity analysis, data protection strategies, secure access gates, and security incident and event processes (data logging and event management). The role will also be required to apply risk review concepts in support of audit controls for ISO27001, SOC1, and SOC2 on the Open Text Commercial platforms for external customers. This is a hands-on role that will require detailed knowledge of security concepts, secure commercial platform architecture, secure software and product development, secure cloud and web application architecture and best practices, risk models, security controls, security audits and other common IT security domain concepts.
You are great at:
• Leading efforts on behalf of the Global Information Security (GIS) team to service and support governance and risk management initiatives.
• Conducting security architecture reviews, risk analysis, and controls reviews in adherence to security policy.
• Working cross functionally with multiple teams and organizations in a collaborative and instructive manner to drive security best practices and ensure the secure implementation of web and cloud-based applications and solutions.
What it takes:
• 5+ years in security engineering or security compliance, risk and governance
• Bachelor’s Degree in Information Systems, Business Administration, or similar degree, or equivalent experience preferred.
• Familiar with commonly used information security concepts, best practices and standard procedures
• Deep understanding of network security and commercial infrastructure security concepts.
• Strong knowledge of and experience with secure cloud and web application and product development and implementation paradigms, frameworks, and best practices.
• Strong working knowledge with securing web containers and best practices.
• Strong knowledge of security controls, and risk management frameworks and models is a must.
• Must be able to evaluate and apply concepts of risk management and prioritization models for security related risk items.
• Capable of working under pressure in a continually changing environment.
• Ability and desire to stay current with emerging cybersecurity best practices, recommendations, and events and incorporate these into business processes, procedures, and policies where it makes sense.
• Is resourceful in knowing how to research problems and find information or documentation on related topics.
• Strong knowledge of Open Text Commercial products and solutions is desired.
• Strong inter-personal skills are required to work across multiple internal teams and to handle customer interface meetings on security related topics.
• Audit framework knowledge for ISO27001, PCI, SOC1 & SCO2 desired
• Good analytic, troubleshooting and problem solving
• Strong written and verbal communication skills
• Ability to work alone with minimal supervision effectively and efficiently
• Ability to participate in key proactive security programs.
• CISA, CISM, CISSP or ISSMP certifications preferred
At OpenText we understand and value diversity in our employees and are proud to be an Equal Opportunity Employer. We hire the best talent regardless of sex, national origin, disability or race. If you require accommodation at any time during the recruitment process please email firstname.lastname@example.org.