Bennett Jones LLP is a top tier, full service international law firm with offices in Calgary, Toronto, Edmonton, Ottawa, Vancouver, Montreal and New York. We are proud that Bennett Jones was ranked as a Platinum Level Best Employer in the 2023 "Best Employers in Canada" survey conducted by Kincentric.  The firm has also been recognized for 2023 as one of "Alberta's Top 75 Employers" and as a Top Employer for Young People in a study conducted by Mediacorp.  The firm has been ranked as one of the top places to work in Canada for 23 consecutive years.

We are currently recruiting for the following role in our Toronto office:

Senior Security Analyst

The Role:

We are looking for a senior security analyst to join the information security GRC team in Calgary. The successful candidate will lead specific security projects and assist with daily security operations. The position requires a minimum of three years of information security experience in a similar operational position and excellent communication skills. The successful candidate will work in a formal ISO 27001 environment, use advanced security tools, interact with business and IT stakeholders, and contribute to making the organization more resilient against cyber threats.

Essential Functions:

• Manage the Firm’s NDR and Firewall auditing solutions, among other tools, including ensuring proper configuration, maintenance, troubleshooting, and required upgrades.
• Manage specific network security tools, participate in information security operations, play a key role in maintaining ISO 27001 compliance, and lead various security projects.
• Respond to new security alerts and user requests related to information security, including conducting a thorough investigation to confirm root cause and risk level, and making appropriate recommendations.
• Develop and maintain Security Standard Operating Procedures (SOPs) for relevant security operations and security tools.
• Prepare and present regular metrics and reports in relation to security activities, performance, monitoring, alerts, and incidents.
• Maintain compliance with ISO 27001/2 by assisting with internal audits, making suggestions to improve the security posture, and updating or improving existing information security standards and procedures.
• Communicate with internal and external stakeholders (including Firm’s lawyers, assistants, and staff, other members of the IT department, and third-party security service providers), as required.

Qualifications:

• Bachelor’s degree in computer science/ engineering, technology, cybersecurity, or related fields.
• Minimum three years’ experience of technical information security operations, including:
  • System administration of a security solution (preferably NDR or XDR).
  • Conducting security investigations and incident response activities, analyzing events such as: suspicious network traffic, phishing email, malicious files and URLs, or failed authentications.
  • Hands-on usage of (1) network security solutions, including network threat detection, network Intrusion Detection/Prevention Systems (IDS/IPS), network traffic analysis and traffic capture tools, and firewalls, as well as (2) web content filtering tools, and Security Information and Event Management (SIEM) solutions (preferably Splunk)
• Minimum two years' experience of information security compliance, with the development, implementation and operations of information security policy and procedure.
• Minimum five years of IT and security experience with exposure to a broad range of security topics and technologies, including networking, web applications, Microsoft cloud and desktop environment (Microsoft Azure, Office365, Windows domain, Servers, SQL databases, Windows 10/11, etc.), and IT project management.

  Skills and Abilities:

• Strong analytical and technical abilities to investigate security events, including by obtaining the right data, running advanced log queries, and using strong common-sense reasoning.
• Ability to perform a sound assessment of security risks, including properly identifying the most likely scenario, obtaining appropriate evidence, providing appropriate recommendations, and clearly presenting the risks and related recommendations to management.
• Up to date knowledge of existing and emerging threats, with a deep understanding of common attack vectors, such as malware behavior, botnet pattern, vulnerabilities exploits, the landscape of cyber criminals, Advanced Persistent Attacks (APT), and the motive and methods of attack of cyber-criminals.
• In-depth knowledge and understanding of Internet and networking principles and protocols, including TCP/IP, UDP, DNS, DHCP, FTP, SSH, etc.
• Outstanding oral and written communication skills.
• Excellent interpersonal relationship skills.
• High level of attention to detail and accuracy.
• High degree of personal initiative and maturity with an ability to work with minimal supervision.
• Ability to prioritize tasks effectively, respect deadlines, and report any issues or conflict in the performance of operational activities, and the planning and scheduling of tasks and projects.

Professional Security Certifications as follows are an asset

• CISSP, CISA, CISM, CRISC
• SANS/GIAC, CompTIA Security+, CEH

Apply To:

Human Resources
Bennett Jones Services Limited Partnership
4500 Bankers Hall East, 855 – 2 Street SW
Calgary, AB T2P 4K7
E-mail:  hrdeptcal@bennettjones.com
#LI-Hybrid

#LI\Hybrid