Lead Analyst – IT Security Risk & Compliance (Application Security)

Follow us on LinkedIn

Posting Reason:

Job Type:

Anticipated Duration in Months (for contracts and temporary assignments):

Job Family:

# of Open Positions:

Faculty/Service - Department:

Campus:

Union Affiliation:

Date Posted (YYYY/MM/DD):

Applications must be received BEFORE (YYYY/MM/DD):

Hours per week:

Salary Grade:

Salary Range:

Position Purpose

Reporting to the Senior Manager IT Security the incumbent directs the design development implementation integration testing and ongoing management of application security across all University systems. This includes mission-critical applications such as Oracle PeopleSoft containerized environments (Kubernetes) cloud platforms (Microsoft Azure) and application delivery systems (F5). The incumbent works with minimal supervision and acts as a subject matter expert in application security ensuring secure development practices and compliance with industry standards. The role also provides security education to the University community and leads monitoring investigation and resolution of application-related security issues.

In this role your responsibilities will include:

• Application Security Planning Design and Deployment: Develop plans and approaches to designing and configuring security system requirements for University enterprise systems. Responsible for establishing and/or implementing frameworks and templates to standardize information security solutions and application integration activities.
• Application Security Administration and Platforms: Assess security configuration lead system security administration and recommend process improvements on select University enterprise Systems. Lead the implementation operationalization customization configuration programming testing and maintenance of complex security platforms/solutions using multiple technologies.
• Development: Develop program code/scripts according to technical standards and security policies. Build/develop use cases for Security Operations Centre. Responsible for ensuring all code is properly versioned maintained and reviewed within enterprise code repositories and SDLC practices.
• Problem Resolution: Analyze operational/complex problems and implement solutions to resolve these problems. Communicate with vendors technical representatives to resolve complex problems by providing detailed information and following up with documentation. Investigate and analyze security incidents risks and breaches to security policy/procedures. Conduct and document root cause analysis. Participate in the design of solutions to IT Security problems.
• Knowledge and Enforcement: Maintain a solid working knowledge of Information Security principles and practices. Conduct research of the current trends of information security and event monitoring and keep up-to-date with issues and technologies. Participate in knowledge sharing with other team members to advance the security monitoring program. Enforce IT security policies procedures and specific security standards that govern various level of security.

What you will bring:

• University degree in Computer Science or Information Technology or a related field or an equivalent combination of education and experience.
• Minimum of 7 years experience in design development implementation and management of applications/systems related to Information Security in a complex and diverse IT environment.
• Proven experience designing and securing large-scale enterprise applications in a multi-platform environment including Oracle PeopleSoft Kubernetes F5 BIG-IP and Microsoft Azure.
• Advanced knowledge of application security principles secure SDLC and DevSecOps practices.
• Strong expertise in ERP security (PeopleSoft) container security (Kubernetes) and cloud-native security (Azure).
• Experience with security technologies such as SIEM platforms (Splunk is an asset) vulnerability scanners penetration testing frameworks and application firewalls.
• Proficiency in programming and scripting languages for automation and security integration within CI/CD pipelines.
• Leadership skills with the ability to coach mentor and influence development and operations teams on secure practices.
• In-depth analytical skills for complex problem solving including threat modeling and risk assessment.
• Knowledge of the Universitys IT and security policies procedures and standards is an asset.
• Experience managing security projects and meeting strict deadlines.
• Excellent communication skills to interact with technical and non-technical stakeholders and provide expert guidance.
• Professional certifications such as CISSP CSSLP or cloud security certifications (Azure Security Engineer) are preferred.
• Ability to work a flexible schedule including occasional weekends and evenings.
• Bilingual: French and English (spoken and written).

#LI-Hybrid #LI-DP1

Key Competencies at uOttawa:
Here are the required competencies for all or our employees at uOttawa:

Planning: Organize in time a series of actions or events in order to realize an objective or a project. Plan and organize own work and priorities in regular daily activities.
Initiative: Demonstrate creativity and initiative to suggest improvements and encourage positive results. Is proactive and self-starting. Show availability and willingness to go above and beyond whenever it is possible.
Client Service Orientation: Help or serve others to meet their needs. This implies anticipating and identifying the needs of internal and external clients and finding solutions on how to meet them.
Teamwork and Cooperation: Cooperate and work well with other members of the team to reach common goal(s). Accept and give constructive feedback. Able to adjust own behaviour to reach the goals of the team.

The University of Ottawa embraces diversity and inclusion in the workplace. We are passionate about our people and committed to employment equity. We foster a culture of respect teamwork and inclusion where collaboration innovation and creativity fuel our quest for research and teaching excellence. While all qualified persons are invited to apply we welcome applications from qualified Indigenous persons racialized persons persons with disabilities women and LGBTQIA2S persons. The University is committed to creating and maintaining an accessible barrier-free work environment. The University is also committed to working with applicants with disabilities requesting accommodation during the recruitment assessment and selection processes. Applicants with disabilities may contact to communicate the accommodation need. All qualified candidates are encouraged to apply; however Canadians and permanent residents will be given priority.

Note: if this is a union position: The hiring process will be governed by the current collective agreement related to the union affiliation noted above; you can click here to find out more.

If this is a front-line position with responsibilities to interact with students selected candidates must be rated at the Low Advanced proficiency level or higher for both oral comprehension and reading comprehension in their second official language. The rating is determined by a proficiency test designed by the Official Languages and Bilingualism Institute.

Prior to May 1 2022 the University required all students faculty staff and visitors (including contractors) to be fully vaccinated against Covid-19 as defined in Policy 129 Covid-19 Vaccination. This policy was suspended effective May 1 2022 but may be reinstated at any point in the future depending on public health guidelines and the recommendations of experts.