Job Details:
Permanent Full Time (CUPE 1329)
Posting Status:
Open to all current Town of Oakville employees and external applicants
Closing Date:
Applications for this position must be received at oakville.ca no later than 11:59 p.m. on June 11, 2026.
This job posting is for an existing vacancy and therefore will be filled accordingly.
Reporting to the Information Security Officer & Program Manager, the Senior Security Analyst is a key member of the Security Operations team, which architects, designs, deploys, implements, and supports the operational services that align with the security technology supporting the Town of Oakville’s cybersecurity program.
Job Responsibilities
- Provide strategic guidance to ensure alignment with cybersecurity governance frameworks, policies, and regulatory compliance requirements.
- Identify, assess, and document cybersecurity risks; recommend and track remediation and mitigation strategies in line with organizational risk tolerance.
- Oversee secure system configuration standards and ensure alignment with established hardening benchmarks and compliance frameworks.
- Monitor the effectiveness of the organization’s cybersecurity controls, ensuring ongoing compliance with internal policies and external standards.
- Maintain awareness of evolving cybersecurity threats, regulatory requirements, and industry best practices to inform organizational security strategy.
- Establish and oversee certificate and encryption management practices to ensure compliance with security policies and standards.
- Guide security operations and infrastructure from a risk and compliance perspective, including vulnerability management, patch governance, and adherence to service level agreements (SLAs).
- Act as a key liaison between cybersecurity and business units to communicate risk posture, compliance status, and remediation priorities.
- Lead cybersecurity initiatives with a focus on governance, risk reduction, and regulatory compliance outcomes.
- Coordinate and support incident response activities, ensuring root cause analysis, control improvements, and reporting obligations are met.
- Drive continuous improvement of cybersecurity governance processes, including policies, standards, procedures, and control effectiveness metrics.
- Mentor and guide team members on risk management practices, compliance requirements, and governance processes.
- Manage and oversee third-party/vendor security risk, including due diligence, ongoing assessments, and contract compliance.
- Translate complex technical risks into business-impacting insights for stakeholders, enabling informed decision-making.
- Support operational requirements as needed while maintaining a focus on governance, risk, and compliance priorities.
Qualifications
- Completion of a three-year Diploma or Degree in Computer Science, Information Systems, Science Technology, or related field.
- Minimum of 7 years' IT Security experience.
- Current security certifications such as CISSP, CEH, ISC2, and Security+ are considered an asset.
- An aptitude to identify and resolve problems with strong analytical and problem-solving skills.
- Ability to automate solutions to repetitive problems/tasks using scripting languages.
- Demonstrated experience in TCP/IP and common network protocols.
- Thorough understanding of enterprise security controls in Active Directory / Windows / Linux environments.
- Experience with enterprise security technologies.
- Experience in information security, data privacy, or information technology auditing.
- Experience with support, patching, and remediation in response to security flaws.
- In-depth knowledge of security monitoring and incident response.
- Knowledge of application development lifecycle (SSDLC).
- Technical writing experience is an asset.
- Excellent verbal, written and presentation skills.
- Strong decision-making skills.
- Knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, CIS Controls) and their application in enterprise environments is considered an asset.
- Experience assessing and managing risks across network and infrastructure environments, including understanding of common protocols and security architectures, is considered an asset.
- Experience supporting vulnerability management programs, including risk-based prioritization, remediation tracking, and reporting, is considered an asset.
- Experience supporting audits, compliance activities, and regulatory reviews is considered an asset.
Please note that this position requires a satisfactory criminal record check dated within the last 30 days as a condition of employment.
DATED: May 29, 2026
The Town’s recruitment software includes elements of artificial intelligence to assist in the screening and short-listing of qualified candidates.
This job profile reflects the general requirements necessary to perform the principal functions of the job. This does not include all of the work requirements of the job. Applicants are required to demonstrate through their application and in the interview process that their qualifications match those specified. The minimum threshold score for the interview is 75%.
We thank all applicants and advise that only those selected for an interview will be contacted.