Security Operations Compliance Specialist

COVID 19 On-Campus Requirements

Prior to May 1 2022 the University required all students faculty staff and visitors (including contractors) to declare their COVID-19 vaccination status and provide proof that they were fully vaccinated or had an approved accommodation to engage in in-person University activities. These requirements were suspended effective May 1 2022 but the University may reinstate them at any point.

About Queens University

Queens University is the Canadian research intensive university with a transformative student learning experience. Here the employment experience is as diverse as it is interesting. We have opportunities in multiple areas of globally recognized research faculty administration engineering & construction athletics & recreation power generation corporate shared services and many more.

We are committed to employment equity and diversity in the workplace and welcome applications from individuals from equity seeking groups such as women racialized/visible minorities Indigenous/Aboriginal peoples persons with a disability persons who identify in the LGBTQ community and others who reflect the diversity of Canadian society.

Come work with us!

Applicant Guidance & Information

At Queens we are committed to helping people achieve their best. Whether you are beginning your career at Queens or seeking your next opportunity we are here to support you. Visit our Applicant Resources for guidance on applying showcasing your skills and experience and preparing for interviews.

Disclaimer: As part of the application process at Queens University our recruitment system uses Artificial Intelligence (AI) as defined under the Ontario Employment Standards Act to ask job-related questions and confirm eligibility for hire. All final hiring decisions are made using non-AI related processes.

Job Summary

JOB SUMMARY:
Reporting to the Director Technology Operations Centre for Advanced Computing (CAC) the Security Operations Compliance Specialist (Specialist) is part of a team responsible ensuring compliance with CACs policies practices recognized cybersecurity frameworks while investigating cyber risk to facilitate remediation of identified vulnerabilities across the centre.

CAC is a regional partner in Canadas national digital research infrastructure and works closely with the Digital Research Alliance of Canada to support secure high-performance research computing environments for researchers at across this context the Specialist contributes to a trusted and compliant security posture that enables advanced research data stewardship and national collaboration.

The Specialist identifies and assesses risk documents remediation and risk acceptance options and provides subject matter expertise on security operations and compliance. As a subject matter expert the Specialist also maintains oversight of the security maintenance program as well as reporting on findings and recommending corrective action.

The Specialist maintains a strong collaborative working relationships with internal teams external partners and clients supporting the CACs mission to deliver secure scalable and reliable research computing services.

Job Description

KEY RESPONSIBILITIES:
Follows established security frameworks to provide input into compliance requirements security design solutions security training material workshops and communication updates.
Maintains the security of numerous systems ensuring configuration monitoring reporting and policies support the privacy requirements and security standards.
Participates in the development of cybersecurity operations capabilities and activities which include security design requirements operational maintenance activities documentation and the collection of evidence necessary for compliance objectives.
Participates in the delivery of security assessments to ensure compliance with security policies standards and procedures.
Participates in the delivery of security services including the collection of cyber-threat intelligence security vulnerability management perpetual scanning (VA) logging and monitoring SIEM event correlation operational metrics and reporting as well as specialized security needs and services pertaining to the network.
Supports and contributes to security-focused workshops training sessions and knowledge-transfer activities for researchers technical staff and partners aligned with CAC priorities and the Digital Research Alliance of Canada standards.
Anticipates security breaches and remains up to date on intelligence including hackers methodologies; maintains high degree of knowledge by tracking trends and best practices.
Develops and deploys security monitoring use cases.
Triages and analyzes security events to prioritize and escalate alerts that exceed thresholds.
Analyzes cybersecurity events and incidents to determine the root cause and apply the appropriate mitigation measures.
Creates scripts and implements tools to automate and develop a variety of configuration and update tasks including signature updates rule changes and policy updates on security devices.
Assists in the delivery of vulnerability assessments to ensure compliance with security policies standards and procedures and takes corrective action to mitigate identified security vulnerability.
Collaborates with diverse groups of internal and external IT teams and key stakeholders by interacting effectively and persuasively to investigate and resolve security violations.
Participates in the development and management of security metrics for cybersecurity operations with the aim of strengthening the security posture.
Creates maintains and publishes security documentation.
Participates in change review boards as requested; reviews network security requirements for firewall changes data encryption and other network security measures to ensure access and authorization controls are in place.
Research more effective security processes and implements application/processes that prevent data loss and service interruptions.
Works occasional extended hours and an on-call rotation outside regular work hours.
Undertake other duties as delegated in support of the CAC.

REQUIRED QUALIFICATIONS:
University degree in computer science or related field combined with a minimum of 5 to 10 years experience in a cybersecurity or information security role.
Professional certifications such as ITIL ISACA ISC2 CISSP CEH PCIP SANS GIAC GSEC are considered an asset.
Experience with information security standards and frameworks: NIST CSF SOC 2 ISO27001 etc.
Experience in cybersecurity in a multi-platform environment in three or more areas: research computing web applications virtualization environments SaaS models desktop applications networking concepts; fluent in multiple Windows and Linux operating systems.
Experience with network security operating system security Internet/web security DLP anti-malware IDS/IPS penetration & vulnerability testing cyber security and the ability to read and understand vulnerability bulletins and security event data.
Experience with troubleshooting network encrypted protocols: HTTPS TLS PPP Kerberos and Enterprise certificate management.
Demonstrated technical proficiency in the implementation and maintenance of multi-user Windows and Linux computer systems.
Experience analyzing security events and exploits with an in-depth knowledge of security event management network monitoring log collection and correlation and a good understanding of SIEM technology from architecture and engineering perspectives.
Experience with scripting languages: Unix scripting and Python.
Consideration may be given to an equivalent combination of education and work experience.

SPECIAL SKILLS:
Working with Others: actively seeks ideas from multiple sources for consideration to improve the performance of the team(s). Shares thoughts and information with all levels of expertise. Ensures that ones own behaviour does not negatively impact others when faced with complex situations.
Inclusivity: welcomes an inclusive environment and coachs others to address and support those who may feel vulnerable. Ensures the diverse group receives opportunities for fair treatment regardless of background.
Communication: takes an active role to communicate to multiple audiences and easily explains complex information to ensure the message is understood.
Customer Service and Support: actively engages the customer or team member and evaluates their needs in a timely manner. Establishes plans and organizes work to meet or exceed the deadlines. Periodically conducts plan reviews and provides an update to client/customer and recommends any process efficiencies.
Planning/Organizing: takes an active role in analyzing problems regarding resources/deliverables that may impact deadlines or standards and escalates for discussion and resolution. Plans medium-term requirements and provides insight into scope of potential problems and identifies possible solutions.
Continuous Improvement: takes an active role within a team(s) and together they identify ways to improve processes and quality of customer service. Solicits feedback from multiple sources to identify ways to become a more highly functioning team.
Attention to Detail: takes an active role to implement efficient systems to ensure that high quality work is consistently maintained by self and others. These actions include careful monitoring of work that meets standards and project plan deadlines.
Adaptability and Support for Change: takes an active role to positively support team members through change. Supports change by generating new ideas and offering suggestions that will benefit the team.

DECISION MAKING:
Prioritizes own work and work of project team members in accordance with evolving and/or competing priorities. Determine appropriate assignment of resources assists in solving problems analyze implication and decide on course of action that would result in timely and accurate completion of tasks.
Formulates evaluates and implements solutions to problems alone or cooperatively with senior staff and/or CAC staff.
Assesses the nature of a request and assists as appropriate.
Confidentiality is paramount; therefore aptitude to differentiate what information is sharable when and with whom.
Determine what information should be distributed to whom and in what format; decisions will be made based on the relevance of the information and the impact that recipients can have on the process or project outcome. Determine when to advise or involve senior staff.
Self motivates and prioritizes workloads.
Determines how to deal with operational problems that occur outside of working hours to avoid major customer impact.

Employment Equity and Accessibility Statement

The University invites applications from all qualified individuals. Queens is strongly committed to employment equity diversity and inclusion in the workplace and encourages applications from Black racialized persons Indigenous people women persons with disabilities and 2SLGBTQI accordance with Canadian Immigration requirements priority will be given to those who are legally eligible to work in Canada.

The University provides support in its recruitment processes to all applicants who require accommodation due to a protected ground under the Ontario Human Rights Code including those with disabilities. Candidates requiring accommodation during the recruitment process are asked to contact Human Resources at .