Achieving success through the diversity of our people
We welcome applications from all talented professionals and will consider each applicant on their individual merits. Browse through our current opportunities to find your place at Norton Rose Fulbright and apply online.
Not currently receiving applications. For agency users and internal applicant, please login, or register.
Job Title
Senior IT Security Analyst
Work Type
Full Time
Job Location
Calgary
Practice Group/Department
Information Technology
Role
Business Services
Description
Senior IT Security Analyst
Hybrid work schedule - please note that this
position can also be filled in any of our offices across Canada
Join our team as a senior IT security
analyst and play a vital role in safeguarding our
organization and clients against IT security threats. Reporting to
the Chief Information Officer, you'll lead efforts to remediate and
mitigate information security risks within Norton Rose Fulbright
Canada, and ensure our staff are well prepared to respond
appropriately to cyber risks in their day-to-day functions. Your
expertise will ensure our IT environment remains secure, enabling us
to deliver the highest level of service to our clients.
You will be focusing on:
Act as a champion in Canada for information security
best practice and policies both internally in the IT department
and with staff (including lawyers);
Maintain up-to-date knowledge of IT security best practices;
Assist the firm IT department in maintaining a
current security posture across all aspects of the IT environment;
Work with the global IT security team to identify and
mitigate risks and vulnerabilities in the Canada region;
Assist the global IT security team with developing
and maintaining the firm-wide security infrastructure
configuration, policies and procedures, identifying improvements
to procedures, and reporting on incidents;
Assist product owners in ensuring the
confidentiality, integrity and availability of the data in their systems;
Contribute to investigations into problematic
activity and provide on-going communication with senior management;
Contribute to the design and execution of
vulnerability assessments, penetration tests and security audits;
Develop content and campaigns and perform regular
security awareness training for all employees;
Follow up with users who failed phishing simulations,
and users who have not attended cyber training ensuring 100% compliance;
Encourage cooperative working with all business
functions. This includes writing process documents and conducting
training;
Coach and mentor internal IT staff on information
security best practices, and contribute to solution designs to
ensure a best-in-class organization;
Work with Canada IT to identify gaps in asset
management relating to security applications / controls missing
from all endpoints;
Work cooperatively with project teams to ensure that
new project and changes adhere to information security policies
and governance standards;
Create and maintain the IT Business Continuity Plan
and Disaster Recovery Plan;
Audit patch deployment processes to resolve root
cause of failed installations;
Contribute to client IT security audits;
Actively manage and monitor IT security systems such
as BitSight to highlight priority vulnerabilities in region;
Comply with the in-house information technology
procedures and protocols to ensure a high level of service to all users;
Document all security procedures and guidelines for
IT and the user community to ensure adherence to national and
global IT standards;
Be prepared to work after-hours.
What you bring to the role:
Education:College diploma or university degree in the field of
computer science, 10 years' equivalent work experience including,
preferably, 4 years as an IT Security Analyst
Certifications: One or more of the following certifications:
AZ-900 (mandatory), GIAC Security Essentials
Certification, GIAC Security Leadership Certification, (ISC)2
SCCP, (ISC)2 CISSP, (ISC)2 ISSAP, AZ-500 (asset), Comptia Security
Plus (asset), ITIL ( Achieved or pursuing)
Multi-Location Experience: Experience with maintaining IT security across a
multi-location, multi-DC environment
Vulnerability Management: Experience with vulnerability management and
scanning tools, including Qualys and BitSight, or similar toolsets
Compliance: Experience implementing strategies and technology to
maintain compliance with IT security best practice, including
ISO27001 and the ASD Essential Eight
Key skills: Effective communication with all levels of an
organization, facilitation and coordination skills, able to cope
with conflicting demands and high-pressure environment
Language skills: Written and spoken English is required, French is
an asset
Why join our team:
Hybrid work environment
Retirement savings plan with employer contribution
Benefit premiums paid by the firm
Telemedicine services
Wellness matters: Flexible health and wellness
allowance that covers much more than gym memberships!
Training and development programs based on your
interests and needs
Ready to join a proactive and modern firm that provides an
exceptional career experience in an inclusive and collaborative
environment? Come join us!
As a global law firm, we embrace a culture of excellence and working
hard, but always with a focus on flexibility, respect, diversity and
openness. We strive to create an equitable, inclusive environment
where everyone can bring their whole self to work and realize their
career potential.
If you are unable to apply for a position online or require any
reasonable adjustments during the recruiting process, please contact
cancalhr_rh@nortonrosefulbright.comto further discuss your needs.
Please note that applicants who receive an employment offer may be
required during their employment with Norton Rose Fulbright to provide
proof of vaccinations recommended from time to time by government or
public health authorities. Norton Rose Fulbright has a duty to
accommodate those who are unable to get vaccinated due to protected
grounds. For applicants who require an accommodation, please contact
cancalhr_rh@nortonrosefulbright.comto
discuss further.
We thank all candidates for their applications, but please note that
we will be contacting only those whom we invite for an interview.