Four Seasons Hotels and Resorts is a global, luxury hotel management company. We manage over 120 hotels and resorts and 50 private residences in 47 countries around the world and growing. Central to Four Seasons employee experience and social impact programming is the company\xe2\x80\x99s commitment to supporting cancer research, and the advancement of diversity, inclusion, equality and belonging at Four Seasons corporate offices and properties worldwide. At Four Seasons, we are powered by people and our culture enables everything we do. Four Seasons has an exciting opportunity in our Information Systems Technology department for a Security Operations Analyst. Working with the Security Operations team, the Security Operations Analyst will define, enforce, and audit security policies across multiple business enabling technologies. The Analyst will ensure that all technologies are configured efficiently and operated effectively. This role is based in Four Seasons Hotels and Resorts, Toronto Corporate Office, reporting to the Manager, Security Operations. Key Activities/ What You\xe2\x80\x99ll Be Doing Security Technology Implementation
Assist in selection, deployment, and administration of key security technologies.
Act as the gatekeeper of deployed security technologies and ensure alerts are acted upon in timely manner to maintain a solid security posture across the organization.
Participate in the activities related to testing, monitoring, and deployment of new security technologies.
Information Security Policies and Procedures
Assume responsibility for keeping the set of Four Seasons Information Security Policies and Procedures up to date.
Review and provide consultation on Four Seasons\xe2\x80\x99 technology risk assessments
Define and ensure that that these policies are translated into day-to-day operational procedures that are diligently followed globally
Continue to improve overall Security processes working with stakeholders from differing functions as required.
Incident Response
Assist in conducting investigations of security breaches and non-adherence to IT security policies and procedures, including those of a sensitive and confidential nature
Reports findings and recommendations to Manager.
Participate in Improving and updating, as required, the company\xe2\x80\x99s documented incident response procedures in the including invocation of C.I.R.T.
Security Operations
Investigate and Analyze security-related events, review the risk and validity, and engage the right teams for mitigation.
Ability to understand system data, including, security event logs, system logs, and firewall logs for in-depth investigations and Root Cause Analysis.
Report and investigate potential security incidents
Contribute to the development/delivery of awareness training and general Information Security education
Leverage knowledge of attacks/investigations to establish a feedback loop; engage with and influence key stakeholders to enhance security posture.
Vulnerability Management
Conduct Network and System Vulnerability assessments and documentation of corrective/remediation actions
Drive the end-to-end vulnerability lifecycle from discovery to closure
Identify internal and external threats that could result in unauthorized disclosure, misuse, alteration, or destruction of customer\xe2\x80\x99s information assets
Ensure timely follow up with patch management and vulnerability remediation with impacted stakeholders
Assist in investigations where necessary as dictated by monitoring, requests from Security & Investigations and/or Executives.
Desired Skills/ Who You Are
Passion for Information Security and Privacy disciplines
Highly critical and analytical disposition
High attention to detail and strong listening skills
Ability to work independently with minimal supervision
Natural curiosity and an ability to undertake creative exploration
Self-motivated, with critical attention to deadlines and reporting
The ability to manage tasks simultaneously and meet deadlines within a high energy, fast paced and evolving environment
The ability to grasp and communicate technical issues to a variety of audiences
Technical Skills and Knowledge
Very strong working knowledge of security tools such as firewalls, IDS/IPS, A/V, EDR, anti-spam, content management, server and network device hardening, etc.
Competence in using an internal and external ticketing system for ITIL-based incident, problem and change management
Proficiency in running, adjudicating and remediating results from vulnerability scans
Working knowledge of OWASP Top 10 and application security fundamentals
Understanding an experience with enterprise SIEM
Understanding of secure application development techniques and tools.
Familiarity with ISO 27001/2, COBIT are assets.
Experience, Education and Professional Qualifications / What You Bring
Bachelor\xe2\x80\x99s degree or equivalent business qualifications.
Information Security certification required (CISSP, GSEC, GMON, or similar)
Networking certification preferred (CCNP, CCNA, or similar)
Minimum 2 years of relevant experience in an IT Security role
Proven experience performing analysis of security events to determine root cause and provide resolution
Strong experience with cloud operations \xe2\x80\x93 security focused (AWS, Azure)
Experience with IT/Network operations including server and network/firewall configuration
Strong understanding of PCI DSS
Very strong working knowledge of security tools such as firewalls, IDS/IPS, A/V, EDR, anti-spam, content management, server and network device hardening, etc.
Previous experience in troubleshooting day-to-day operational processes such as report generation, data verification, data correlation, etc.
Strong experience with cloud operations \xe2\x80\x93 security focused (AWS, Azure)
Experience in WAF technologies
Experience with IT/Network operations including server and network/firewall configurations
Experience and/or knowledge of security and privacy enhancing technologies such as identity management, application security and network security technologies
Proven experience performing analysis of security events to determine root cause and provide resolution
Exposure to Disaster Recovery and Business Continuity processes are assets
Preferred experience with above systems in a hotel/hospitality environment
All internal applications must be submitted and approved in Workday by April 10, 2023. This role will be a Hybrid working model, which will require 3 days per week in the Four Seasons Corporate Office located at 1165 Leslie Street, Toronto, Ontario #LI-Hybrid Four Seasons is committed to providing employment accommodation in accordance with the Ontario Human Rights Code and the Accessibility for Ontarians with Disabilities Act. If contacted for an employment opportunity, please advise Human Resources if you require accommodation.
Beware of fraud agents! do not pay money to get a job
MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.