Security Analyst

Position: Security Analyst Position Type: Full-time, Permanent (Existing Vacancy) Location: Toronto, ON (Remote)   The Company:    Postmedia is a Canadian news media company representing more than 110 brands across multiple print, online and mobile platforms. Award-winning journalists and innovative product development teams bring engaging content to millions of people every week whenever and wherever they want it.     This exceptional content, reach and scope offers advertisers and marketers compelling solutions to effectively reach target audiences. We are always on the lookout for talented individuals to join our team.     The Opportunity:  The Regina Leader-Post is seeking a talented photographer/multimedia journalist with exceptional photo and video skills to capture compelling visual stories that inform and engage our audiences, with emphasis on Regina and southern Saskatchewan.   As part of a collaborative newsroom team - including reporters, editors, and digital specialists - you will cover breaking and non-breaking news, sports, entertainment, business and related events, and be enterprising to find other visuals that tell stories in their own right. The successful candidate will also find ways to creatively and proactively illustrate our needs. The emphasis is on timely visual content to enhance storytelling online and in print, while thriving in a fast-paced news environment with tight deadlines.   What you’ll do:  Assist in the maintenance and documentation of security policies, procedures, and standards under the guidance of senior security team members.  Manage account lifecycle tasks (enable/disable accounts, approve access requests); enforce BYOD, MFA, and secure remote access.  Assist with IT audits by collecting documentation, preparing evidence, and supporting coordination with internal teams.  Provide security guidelines for employees traveling internationally (VPN usage, device protection).  Advise on security best practices, including safe handling of company devices and data protection during travel or remote work.  Participate in incident response activities by performing initial analysis, documentation, and evidence collection, escalating findings to senior analysts as required.  Support security awareness initiatives by assisting with content preparation, communications, and tracking participation.  Maintain up-to-date detailed knowledge of the IT Security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors.  Collaborate with IT leadership, privacy analysts, and external vendors to maintain security posture and resolve compliance issues.  Participate in the implementation of new security solutions, policies, standards, baselines guidelines and procedures to support those as established by Postmedia’s security goals and to actively work towards upholding those goals.  Assist with vulnerability scanning, risk assessments, and remediation tracking under defined processes and supervision.  Participate in the planning and design of the Business Continuity Plan and Disaster Recovery Plan.  Recommend additional security solutions or enhancements to existing security solutions to improve overall security.  Provide support as required for MSSP Level 2 and 3 Support for all in-place security solutions.  Maintain operational configurations and baselines for all in-place security solutions.  Learn to automate repetitive security tasks such as reporting, alert enrichment, and evidence collection using scripting and workflow tools.  Assist in the development and maintenance of security automation workflows under supervision.  Explore the use of AI-assisted tools for log analysis, reporting, and security operations in accordance with Postmedia governance and security standards.  Document automation workflows and contribute to continuous improvement initiatives.  Regular hours apply. Occasional after-hours support may be required for learning, shadowing, or supervised activities.  Perform other duties as assigned.    Who you are:  One or more of the following certifications would be an asset: Security+, CySA+, or equivalent (or “working towards”)  Knowledge of endpoint detection and response (EDR), CASB, IDPS and other security related concepts.  Knowledge of security frameworks or standards such as CIS Top 20, NIST and ISO 27001, 27017, 27018.  Knowledge of GDPR, CASL, PIPEDA and PCI compliance requirements.  Understanding of IP, TCP/IP and other network administration protocols.  Understanding of Windows and Linux operating systems.  Exposure to scripting or automation using Python, PowerShell, Bash, or similar, with an interest in expanding automation and AI skills.  Ability to effectively prioritize and execute tasks.  Ability to conduct research into IT security issues and products.  Able to work independently on assigned tasks while seeking guidance and feedback as part of a collaborative team.  Team-oriented and skilled in working within a collaborative environment with strong communications skills.   Be naturally innovative and forward thinking when problem solving, be analytical and detail oriented.  Inherently demonstrate a high level of integrity, discretion, and trustworthiness.  Willingness to travel on occasion as required.    Must-Haves: Foundational understanding of information security concepts and frameworks, with a willingness to learn and develop deeper expertise.  Experience with identity and access management tools, firewalls, antivirus, IDS/IPS, endpoint security.  Familiarity with VPNs, MFA, and cloud security solutions.  Experience conducting vulnerability assessments and penetration tests.  Excellent communication and documentation skills.  Ability to manage multiple tasks in a fast-paced environment.    Compensation:  Employment offers presented to the selected candidate are based on a combination of qualifications, experience, responsibilities of the role and the candidate's location.  Base Salary: $45,000-$60,000