Sr. Cybersecurity Analyst SrCSA071624

Department: Information Systems

Type of Position: Full Time, Permanent

Location: 7th Floor, 5160 Yonge Street, Toronto, ON

Reporting to: Manager, Cybersecurity

Work Model: Hybrid – flexible work schedule (All remote work must be completed from your home office within the province of Ontario.)

Grade: L

About Tarion

Since 1976, Tarion has served new home buyers and new homeowners by ensuring that one of their life’s biggest investments is protected. Almost every new home in the province is covered by a new home warranty. This warranty protection is provided by Ontario’s builders and lasts up to seven years. It is backstopped by Tarion. More than 375,000 homes are currently enrolled in the warranty program. Every year about 55,000 new homes are enrolled.

How We Make a Difference

A home is one of life’s biggest purchases. As an independent, not-for-profit organization, Tarion provides Ontario’s new home buyers and owners with peace of mind that their purchase is safeguarded through the province’s new home warranty and protection program.

Almost every new home in the province is covered by a new home warranty. Tarion ensures consumer protection by providing free tools, guides and resources to help homeowners understand their builder’s warranty and navigate warranty claims with confidence.
If a builder does not meet their warranty commitments, Tarion offers guidance to help homeowners ensure they receive the coverage they’re entitled to, and when necessary, steps in to help resolve warranty claims.

This is a hybrid role requiring working two (2) days in the office and three (3) days remotely, per week. (All remote work must be completed from your home office within the province of Ontario.)


About the Role

The Senior Cybersecurity Analyst is responsible for protecting the company's hardware, software, users, network, and overall organization from cybercriminals. The primary role involves thoroughly understanding the company's IT infrastructure and technology landscape, continuously monitoring it, and evaluating potential threats that could breach the company's defenses.

The Senior Cybersecurity Analyst is dedicated to enhancing the company’s security posture and safeguarding sensitive information by implementing solutions and managing vendor relationships.

What you will be doing:

Identify

  • Identify, evaluate, and report on advanced threats and vulnerabilities, considering enterprise-level IT controls and technologies.
  • Responsible for the assessment of security requirements and controls during application development and acquisition processes as defined in the organization's security policies and standards.
  • Oversee and conduct comprehensive vulnerability testing on a broad spectrum of IT systems, identify security gaps, and recommend strategic actions to mitigate risks and enhance operational security.

Monitor

  • Oversee the monitoring of vulnerability business metrics and ensure the production of detailed security reports and dashboards.
  • Execute, oversee, and enhance activities within the Proactive Threat Management program to maintain high security standards.

Report

  • Maintain and analyze key business metrics for cybersecurity throughout the organization, producing detailed security reports.
  • Report to senior management on residual risks, vulnerabilities, and other security exposures, including the misuse of information assets and noncompliance.
  • Responsible for incident response activities and for producing comprehensive security reports.

Vendor Management

  • Perform and oversee security risk assessments of third-party vendors, escalating issues that impact business objectives and priorities involving vendor selection.
  • Responsible for the execution of information security risk and control identification, evaluation, documentation, analysis, and reporting using advanced analytical tools.
  • Partner with cross-functional stakeholders (Finance, Legal, CIO, Business Unit Security teams, etc.) to ensure comprehensive vendor risk management.

Projects

  • Accountable for support of external and internal audits and audit remediation on information technology, generating strategic technical recommendations.
  • Design and oversee the implementation of information security controls and develop standard security configurations for new and existing information systems and processes.
  • Responsible for the review, analysis, and documentation of system, network, and application security vulnerabilities. Recommend and implement remedial actions in coordination with system owners, custodians, and business partners.
  • Develop, oversee, and deliver effective implementation of the Cyber Security Program, ensuring alignment with organizational goals.
  • Perform and oversee vulnerability assessments and tests, assisting technical teams in remediating identified vulnerabilities to maintain high security standards.
  • Provide in-depth risk analysis for configurations and procedures for existing and newly introduced systems, third-party providers, and processes.
  • Develop and maintain the organization’s Information Security Incident Response capability, procedures, and processes.
  • Develop and review Information Security related standards, procedures, and documented controls, identifying gaps and recommending process improvements.
  • Coordinate activities to mitigate and respond to identified risks.
  • Ensure corporate information security policies, standards, and practices are integrated into projects, new implementations, and operational tasks.
  • Create and maintain security playbooks for various scenarios.

Research New Technologies

  • Conduct advanced security research to stay abreast of the latest security threat landscape and current information technology trends.
  • Lead initiatives to evaluate and implement new security technologies and methodologies within the organization.


What you will need to succeed:

The ideal candidate for this position will have experience in Enterprise Network & Systems and Cloud Architectures, Information Security & Risk Management Security Frameworks, the incident response lifecycle, Vulnerability Management and Security Awareness, and will lead advanced threat identification, vulnerability assessments, and incident management. They ensure compliance with frameworks like ISO 27001 and NIST and drive the development of robust security policies and architectures. They are proficient in risk analysis, performing comprehensive evaluations to mitigate risks and enhance security posture. They lead strategic planning, provide leadership to junior analysts, and foster a security-conscious culture through training and awareness programs. Staying abreast of the latest trends and technologies, they innovate and continuously improve the organization's cybersecurity defenses while effectively communicating with all levels of personnel.

Must Have:

  • Minimum Community College Diploma in Cybersecurity, Cybersecurity and Business Continuity Incident Response or equivalent
  • Minimum 6-10 years of experience working in an IT security function, specifically related to industry best practice compliance frameworks.
  • Security and privacy first mindset
  • Strong analytical skills to analyze security requirements and relate them to appropriate security controls.
  • Experience in ITIL, NIST or a comparable set of best practices for Information Technology Service Management
  • Working knowledge of the incident response lifecycle and MITRE ATT&CK Framework
  • Relevant accreditations/certifications and experience with ERM/GRC platforms are an asset.
  • Bachelor's degree in information systems or equivalent experience
  • Experience with Enterprise Cybersecurity, Networks, Systems & Cloud Architectures
  • Experience with Information Security & Risk Management Security Frameworks
  • Vulnerability Management and Security Awareness

Nice to Have:

  • Experience with Azure and Cloud Microsoft 365 Security Architectures


Why Choose Tarion?

We believe that Tarion’s employees are its most valuable asset. We strive to provide a welcoming work environment.

We offer employees a competitive compensation program, opportunities for learning and development, an employee discount program, access to wellness programs, and a variety of Employee Assistance Program tools and online resources to support well-being.

At Tarion, we believe that a strong commitment to diversity and inclusion allows employees to perform at their very best and underpins a culture in which everyone feels they have an equal opportunity to belong and build a career. Tarion is committed to developing and maintaining work environments and practices that ensure equality of opportunity in recruitment, selection and promotion, and to removing systemic barriers so that employees have every opportunity to feel included in the workplace.

If you are a person with a disability and have questions or would like help with your application, please contact a member of the Human Resources Department.

Application Submissions & Deadline:

Please submit a single file with a covering letter and resume with vacancy code SrCSA071624.