Information Security Analyst 3

Who We Are 

BGIS is a leading provider of customized facility management and real estate services. With our combined team of over 6,500 globally, we relentlessly focus on enabling innovation through the services we deliver, while actively looking for new opportunities that will enable innovation for our clients’ businesses. Globally, we manage over 320 million square feet of client portfolios across 30,000+ locations in North America, Europe, Middle East, Australia and Asia. Further information is available at www.bgis.com 

SUMMARY  

We are seeking an experienced and highly skilled Information Security Analyst III to join our dynamic team. The ideal candidate will have extensive experience in risk assessments, security testing, participating in audits and assessments, resolving security issues, investigating security incidents and administering security tools. This role is critical in ensuring the security and integrity of our organization's information systems and data.

KEY DUTIES & RESPONSIBILITIES  

Risk Assessments

• Conduct thorough risk and threat assessments to identify potential security concerns and vulnerabilities.
• Develop and implement risk mitigation strategies to protect the organization's assets.
• Regularly review and update risk assessment methodologies to align with industry best practices.

Security Testing

• Perform comprehensive security testing, including penetration testing and vulnerability assessments.
• Analyze results and provide detailed reports with actionable recommendations.
• Work closely with development and IT teams to remediate identified vulnerabilities.

Audits and Assessments

• Participate in internal and external security audits to ensure compliance with client and regulatory requirements, industry standards.
• Conduct security assessments of third-party vendors and partners.
• Collaborate with auditors to address findings and implement corrective actions.

Security Problem Resolution

• Identify and resolve security issues promptly to minimize impact on the organization.
• Develop and implement security policies and procedures to prevent future incidents.
• Provide guidance and support to other departments in addressing security concerns.

Incident Investigation

• Lead investigations into security incidents, including data breaches, malware infections, and unauthorized access.
• Analyze incident data to determine root causes and develop strategies to prevent recurrence.
• Prepare detailed incident reports and present findings to senior management.

KNOWLEDGE & SKILLS 

• Bachelor’s degree in Computer Science, Information Technology, or a related field.
• Licenses and/or professional accreditation such as GIAC, CISSP, CISM, CCSP, CEH Security+, or other Information Security certificates.
• Strong knowledge of cybersecurity frameworks and standards, including NIST, ISO 27001, OWASP, MITRE and PCI DSS.
• Familiarity with regulatory requirements and compliance standards (e.g., GDPR, HIPAA, PIPEDA).
• Strong problem-solving and analytical skills.
• Ability to lead teams to completion of special projects.
• Strong team player with excellent communication skills.
• Experience with security information and event management (SIEM) tools, SOAR, privileged access management, identity access management.
• Understanding and knowledge of Cloud (Azure, AWS, etc.) / F-SSO security practices
• Knowledge of SIEM / MDR / Mail managed services.
• Knowledge and experienced with network security services, including: IAM, DLP, AV, NAC.
• Experience with AI tools, such as CoPilot, Amazon Bedrock and ChatGPT 
• Familiarity with PowerBI to build dashboards and generate meaningful reporting.

Preferred Experience

• Minimum of 5 years of experience in cybersecurity, with a focus on risk assessments, security testing, and conducting incident investigation.
• Experience with endpoint security solutions and network security technologies.
• Experience with security information and event management (SIEM) tools, SOAR, privileged access management, identity access management
• Experienced with Cloud Security practices (Azure, Amazon, etc.).
• Proficient in monitoring various security administrative consoles as well as IT related administrative consoles to determine root causes for security events (Security Incident and Event Management, Endpoint Protection, Cloud Access Security Broker, Email Security, Privilege Access Management, Identity Provider).
• Experience in dealing with 3rd party vendors and/or service providers.
• Experience with email security solutions such as Proofpoint, including implementation of DMARC and other best practices.
• Experience in developing and maintain DLP policies and procedures. 

Work Environment

• Collaborative and fast-paced environment.
• Opportunities for professional development and growth.
• Partial remote work options available.
• Join us to make a significant impact in the field of cyber security and help protect our BGIS's critical assets.

At BGIS we believe that diversity and inclusion is a key business driver, such that we never lose sight of its importance as it is woven into the fabric of our organization. We are committed to maintaining a barrier-free recruitment process by providing equal employment opportunities through recruiting and retention of individuals of all backgrounds. We recognize that promoting diversity is an essential component of our continuing pursuit for organizational success! 

BGIS is an equal opportunity employer and we welcome you to apply for a position with us! If you require accommodation during the recruitment process, please contact us at askHR. Upon request for accommodation, we will consult with the applicant in question and provide, or arrange for the provision of, a suitable accommodation in a manner that takes into account the applicant’s accessibility needs due to disability.