About ORION: ORION is a not-for-profit organization dedicated to empowering Ontario researchers, educators and innovators. We foster a community of 1.7 million users at more than a hundred universities, colleges, hospitals and research institutions, school boards and regional innovation centres across the province. We enable ground-breaking discoveries and cutting-edge education by connecting institutions and regions through our network, facilitating collaboration, and providing our community with the digital tools and expert support they need to make the world a better place. As pioneers of cybersecurity thought leadership in Canada\xe2\x80\x99s research and education sector, ORION is committed to keeping our digital community safe by helping improve their cybersecurity posture. ORION is directly engaged in providing cybersecurity support and advice to approximately 40 universities and colleges in Ontario, and for some institutions in other provinces. As a workplace, ORION has a culture of inclusion, mutual respect and teamwork. Equity and diversity are an integral part of our commitment to innovation, connectivity and community. We encourage applicants from women, persons with disabilities*, Indigenous peoples, racialized people and others who may contribute to the further evolution of our network. Reporting Relationship:

• This entry level position reports directly to the Director, ON-CHEC Security Program

Salary and Benefits:

• Flexible work-from-home policy

• Comprehensive benefits package

• Career-training and development

• Generous holidays/vacations

• Many other perks

What we need: National Cybersecurity Assessment Program Analyst will support the universities and colleges participating in the National Cybersecurity Assessment program. The successful candidate will work in partnership with member groups to develop network security guidelines, assist in assessment of network security risk, and provide support and direction to constituents. Candidates will be a self-starter with excellent written and spoken communication abilities, and an exceptional capacity to understand our community\xe2\x80\x99s needs. We are looking for a teamoriented individual with strong professional ethics. Key Activities:

• Responsible for key deliverables of the National Cybersecurity Assessment Program,

while providing required project management, communication, documentation, and knowledge management support

• Provide our constituents (universities and colleges) with support for their

cybersecurity program & roadmap

• Support the National Cybersecurity Assessment program which may include:

o Manage the collection of security self-assessment responses based on CIS controls and NIST CyberSecurity Framework (CSF) o Provide technical advice regarding campus network security tools, best practices, and incident recovery approaches o Write monthly security digests for constituents o Participate in and/or lead working group activities o Evaluate security postures, frameworks and roadmaps o Advise on Information security programs o Advise on strategies and recovery plans in the event of an incident o Advise on the performance of penetration tests or \xe2\x80\x9cred teaming\xe2\x80\x9d on infrastructures, networks (internal/external), physical security, wireless technologies o Advise on IT internal audit mandates as a cybersecurity expert o Advise on methods and processes for security development in software solutions

• Provide regular security analytics reports for management review with identified risks,

identities, threats, and system vulnerabilities along with recommended remediation actions

• Analyze and decipher information from multiple systems to identify cyber events and

promptly alarm through reporting chain

• Perform security monitoring and traffic/data analysis

• Monitoring for Security Information and Event Management (SIEM), Intrusion

Prevention/Detection systems (IPS/IDS) and Threat Intelligence systems

• Collect and preserve the legally acceptable evidence of the malicious activity

Qualifications:

• Bachelors or Masters degree in Computer Science or Information Systems Security

• Training or equivalent experience in cybersecurity and/or IS security, either as part of

your degree program, or post-graduation.

• Assets include:

• CISSP, CEH, CRISC, CISM, C|CISO certification or equivalent

• 1-3 years of experience in Information security, ideally as part of a higher

education institution or consulting firm Knowledge and Skills:

• Passion for cybersecurity and knowledge of attack methods, tools, tactics, and techniques

• Experience in, or appreciation of, the unique challenges and risks faced by the higher

education sector in Canada

• Basic knowledge of NIST CSF and CIS controls framework

• Basic level knowledge of commonly used operating systems and their hardened

configuration

• Operational knowledge of Identity and Access management using AD/Azure AD

• Basic ITSM foundation knowledge regarding Incident Management, Service Request

Management and Change Management

• Foundational knowledge of ERP systems to advise on platform security

• Foundational knowledge of Cloud technologies and their inherent risks

• Basic experience with Incident Response

• Knowledge of behaviours of different types of threat actors

• Excellent analytical capacity

• Dynamic and self-directed

• Curiosity and well-informed of current trends in cybersecurity

• Excellent written and spoken communication qualities are essential

Job Types: Full-time, Permanent Salary: $75,000.00 per year Benefits:

• Dental care
• Employee assistance program
• Flexible schedule
• Life insurance
• Paid time off
• RRSP match
• Tuition reimbursement
• Vision care

Flexible Language Requirement:

• French not required

Schedule:

• Monday to Friday

Supplemental pay types:

• Bonus pay

Ability to commute/relocate:

• Toronto, ON: reliably commute or plan to relocate before starting work (required)

Work Location: Hybrid remote in Toronto, ON