Senior IT Security Analyst - Risk / Compliance

Job Description

The Senior Technical Security Analyst ensures that all in-scope day to day, and project activities are properly defined; effectively managed;

deliver the expected results; and meet SCC standards and policies, and that documentation, deployment, and testing is performed according to professional industry standards.

• Reporting to the Director, Information Security, responsibilities include but are not limited to;
• Lead the security compliance and design, implementation and monitoring of controls to ensure adherence to PCI, ISO, NIST and other required company requirements;
• Assess information risk and facilitate remediation of identified vulnerabilities for IT Infrastructure and application security across the enterprise;
• Conduct security assessment and security audits to ensure adherence to security requirements, standards and policies;
• Lead and participate in assessment of technology and vendor information risk;
• Lead vulnerability assessments, penetration tests and threat assessments projects;
• Provide reporting and data-driven insights on the organization’s security posture, including vulnerabilities, incidents, and remediation efforts to senior management;
• Work with cross-functional teams to develop and implement security procedural documents and processes;
• Resolve security incidents in a timely and effective manner, ensuring minimal impact to the organization and learning from incidents to prevent future occurrences;
• Research, assess and provide gap analysis of the current processes leading to the completion of documenting current processes and identifying opportunities for process improvements;
• Evaluate internal and external environment for threats, changes, related to Information Security and perform the role as Information Security subject matter expert to ensure these are properly addressed and controlled;
• Ongoing management of the organization’s security awareness program; ensure that organizational processes adhere to regulatory compliance requirements;
• Conduct research on emerging security threats and trends, and develop strategies to mitigate risks.

Qualifications

• 8+ years of work experience in Information Security or equivalent combination of transferrable experience and education through university or college degree in Cybersecurity related field.
• Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.
• Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.
• Thorough knowledge and hands-on experience on Information security principles and framework (PCI, ISO, NIST, ZTNA, etc..).
• Thorough knowledge and hands-on experience in assessing and mitigating security controls and risk for on-prem infrastructure, Google Cloud and Azure.
• Thorough knowledge and hands-on experience in conducting security risk assessment of IT Infra including cloud, application and third-party.
• Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.
• Ability to manage tasks independently and take ownership of responsibilities
• Strong customer focus with ability to manage customer expectations and experience and build long-term relationships.
• Strong team-oriented interpersonal skills with the ability to interface with a broad range of people and roles including vendors and IT-business personnel.
• Ability to adapt to a rapidly changing environment
• High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.
• Thorough knowledge of patching and deployment technologies for windows platforms
• Strong technical knowledge of current systems, software, protocols and standards. Including TCP / IP and network administration / protocols
• Experience developing, documenting and maintaining procedures.
• Ability to learn from mistakes and apply constructive feedback to improve performance.
• Any one or more security certifications (CISSP, CISA, CEH, GIAC, SANS).

Additional Information

Why members of our Corporate team love working at Sleep Country Canada / Dormez-vous? :

• This is not a job but a CAREER with opportunities for growth and advancement
• Diverse and inclusive work environment
• We will invest in you and provide extensive training, mentoring and continuous development
• Access to training and development platforms
• Full medical, dental benefits and a Deferred Profit Sharing Program
• Annual Wellness Credit of up to $250.00 for any products / services that improve your health and well-being, i.e., health assessments, nutrition counselling, hiking shoes, a yoga outfit or fitness equipment!
• Associate Discount Program where you will be able to enjoy some of the world’s best sleep products
• Maternity / Parental leave top up benefits
• Tuition Reimbursement Program that covers professional AND personal development
• Long service awards, celebrations and other social events
• Associate Referral Program
• Paid day off to volunteer at your local charity of choice
• Recognized as one of Canada’s Most Admired Corporate Cultures in 2023 by Waterstone Human Capital

Commitment to Equity, Diversity, Inclusion & Belonging (EDI&B)

At SCC / DV, we are committed to building a company culture of inclusion and diversity where differences are embraced and valued, this allows us to better understand and meet the needs of our customers and the communities we serve.

We want to ensure every job applicant is treated fairly and with respect regarding race, national or ethnic origin, religion, age, gender, sexual orientation, or disability.

About Sleep Country Canada / Dormez-vous?

Sleep Country is Canada’s leading specialty sleep retailer with a purpose to transform lives by awakening Canadians to the power of sleep.

Sleep Country Canada operates under the retailer banners; Sleep Country, Dormez-vous, the rest, Endy, Hush, Silk & Snow and most recently acquired, Casper Canada .

The Company has omnichannel and ecommerce operations including over 300 corporate-owned stores and 18 distribution centers warehouses across Canada.

Recognized as one of Canada’s Most Admired Corporate Cultures in 2023 by Waterstone Human Capital, Sleep Country is committed to building a company culture of inclusion and diversity where differences are embraced and valued.

The Company actively invests in its sleep ecosystem, innovative products, world-class customer experience, communities and its people.

For more information about Sleep Country, please visit www.sleepcountry.ca .