About the role

Senior Security Analyst at McCarthy Tétrault in Canada focusing on security and IT compliance initiatives. Collaborating with teams on incident response and vulnerability management in a hybrid workspace.

Responsibilities

Working with IT/ Security stakeholders during investigations and incident response activities.
Working with internal stakeholders to lead a strong vulnerability and patch management program.
Liaising with clients on external audit and compliance requests.
Leading security risk assessments against internal and external clients and technologies, as required.
Supporting IT and Business projects as the Security SME and conducting project risk assessments where necessary.
Contributing to the identification and evaluation of information security threats through internal technology and process reviews of existing security controls.
Participating in the periodic review of the firewall rule-set and regular reviews of identity access management.
Developing and executing penetration testing process, as well as follow up remediation activities.
Maintaining awareness of current and emerging threats and staying abreast of current and developing technologies, risks, and security best practices.
Developing and coordinating the Department’s Security Awareness Training program.

University degree or equivalent in Information Technology or Information Security.
Minimum of 7 years of relevant work experience, including a minimum of 5 years of hands-on experience as a Security Administrator, Support Desk Consultant or similar IT roles involving frequent customer contact.
Minimum of 3 years of experience with an EDR solution such as Crowdstrike/ Defender / SentinelOne.
Minimum of 3 years of experience with cloud security technologies within AWS/ GCP/ Azure.
Experience with ISO 27001/27002 and/or Top 20 Critical Controls required.
Experience with information security risk assessment methodologies required.
CISSP or CISM certification preferred.
GCIH or GCFA certifications a strong asset.
Strong written and verbal communication skills.
Strong written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical audiences.
A critical thinker with strong problem-solving skills.
Knowledge of technological trends and developments in the area of information security and risk management.
High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
Strong organizational skills, with a high attention to detail.
Bilingualism (French, English) would be an asset.

Outstanding benefits from day one, including insurance premiums paid by the Firm and wellness and technology reimbursements.
Competitive compensation, paid overtime and generous time off, including a day off to volunteer and a day off for your birthday.
A commitment to professional development and growth opportunities for our people at all levels, supported by a culture that fully embraces and encourages two-way feedback.
Strong community involvement and a commitment to equity, diversity and inclusion.
A collaborative, cohesive culture that connects lawyers and business teams through collective purpose.