Senior Security Analyst

Vaughan, ON
Permanent
Full-time

16 days ago

DescriptionWe're seeking a Senior Security Analyst to play a key role in protecting Longo's systems, data, and customers. You'll combine hands-on technical expertise with leadership in compliance, governance, and security operations, all in a collaborative, fast-paced team environment.Position: Senior Security AnalystJob Overview:The Senior Security Analyst at Longo's is a key technical lead responsible for driving the successful execution of security initiatives, coordinating PCI-DSS compliance, and enhancing cybersecurity governance. Reporting directly to the Senior Manager Cybersecurity, this role combines advanced hands-on expertise with ownership of critical processes, including GRC tooling, compliance operations, and operational process development. This is a high-visibility role that delivers actionable insights to leadership, drives the implementation of effective security controls, and develops team capabilities through mentorship and knowledge sharing.Accountabilities:Threat Detection and Response:

Oversee monitoring and investigation of security alerts from tools such as SIEM, EDR, and WAF.
Coordinate with the MSSP to tune and enhance detection capabilities, ensuring threats are identified and contained promptly.
Act as an escalation lead for high-severity incidents, ensuring effective containment, remediation, and lessons learned.

Incident Management and On-Call Support:

Serve as an escalation point during critical incidents, providing technical direction and coordinating with internal and external teams.
Support after-hours response for priority IT security events as part of an on-call rotation when required.
Ensure incidents are fully documented with root cause analysis and recommendations for process improvement.

Security Tool Integration and Operations:

Lead deployment, configuration, and optimization of security technologies, including PAM, SIEM, EDR, and micro-segmentation solutions.
Work closely with IT and Infrastructure teams to operationalize new security tools and ensure proper control implementation.

Vulnerability and Patch Management:

Oversee vulnerability scanning using various vulnerability management tools, analyze results, and coordinate remediation efforts with relevant teams.
Ensure vulnerabilities are tracked, prioritized, and resolved in a timely manner.

PCI-DSS Compliance Operations:

Act as the primary coordinator for all PCI-DSS compliance activities, including evidence collection, control validation, and audit readiness.
Track control owners and compliance status, ensuring timely remediation of any gaps.
Coordinate with vendors, auditors, and internal stakeholders to ensure successful audit outcomes.

Governance, Risk, and Policy Management:

Own and maintain GRC tooling, procedures, and associated documentation.
Draft, update, and enforce IT Security policies, SOPs, and user guides to align with industry frameworks.
Track open risks, maintain a risk register, and follow up on remediation activities to closure.

Third-Party Risk and Security Assessments:

Conduct and coordinate third-party vendor security assessments, evaluating compliance with Longo's security requirements.
Track findings from assessments, penetration tests, and risk reviews, ensuring remediation is completed.

Security Awareness and Education:

Support monthly phishing simulations and awareness campaigns using security awareness and training tools.
Track user awareness metrics, follow up on findings, and recommend improvements to enhance the program's effectiveness.

Reporting and Leadership Support:

Prepare detailed security reports, including threat analysis, compliance metrics, and incident trends.
Provide regular updates and, when required, present project and compliance status directly to the Senior Manager Cybersecurity.
Offer technical insights to support leadership decision-making.

Mentorship and Knowledge Sharing:

Mentor junior analysts by providing technical guidance, sharing expertise, and supporting their development in detection, response, and compliance tasks.
Promote a collaborative environment and a culture of continuous improvement within the Cybersecurity team.

Knowledge, Skills & Competencies:

Experience: 4-7 years in cybersecurity or technical security-related roles, with proven experience leading security projects and compliance activities.
Technical Expertise:
Advanced knowledge of Cybersecurity frameworks, Windows, Active Directory, and Cloud security controls.
Hands-on experience with SIEM, EDR, PAM, WAF, vulnerability management, and other security solutions.
Strong working knowledge of PCI-DSS controls and evidence management.
Framework Knowledge: Familiarity with NIST CSF 2.0, CIS Controls, ISO 27001.
Soft Skills: Excellent collaboration, communication, and documentation skills; ability to prepare and present findings to leadership when needed.
Undergraduate or College Degree in IT/Computer Science/Engineering/Cybersecurity (or equivalent experience).
Certifications: Security+, CISSP, or CISA preferred. PCIP and cloud security certifications are an asset.

Working Conditions:

Hybrid (remote and on-site)
On-call responsibilities on a rotating schedule.

If you're ready to make a meaningful impact on Longo's cybersecurity posture and work in a collaborative, growth-focused environment, we'd love to hear from you.Longo's is committed to providing accommodations for people with disabilities throughout the recruitment process and, upon request, will work with qualified job applicants to provide suitable accommodation in a manner that takes into account the applicant's accessibility needs due to disability.Note: A qualified job applicant with a disability is one who possesses the required skills, education, experience and training and who can, with reasonable accommodation, perform the essential functions of the position applied for.If you require accommodation, please contact the Human Resources Coordinator at:Email:

Longo's

Apply Now