Information Security Analyst

Banff Centre for Arts and Creativity aims to inspire everyone who attends our campus – artists, leaders, and thinkers – to unleash their creative potential. 

We acknowledge, with deep respect and gratitude, our home on the side of Sacred Buffalo Guardian Mountain. In the spirit of respect and truth, we honour and acknowledge the Banff area, known as "Minhrpa" (translated in Stoney Nakoda as "the waterfalls") and the Treaty 7 territory and oral practices of the Îyârhe Nakoda (Stoney Nakoda) – comprised of the Bearspaw, Chiniki, and Goodstoney Nations – as well as the Tsuut'ina First Nation and the Blackfoot Confederacy comprised of the Siksika, Piikani, Kainai. We acknowledge that this territory is home to the Shuswap Nations, Ktunaxa Nations, and Metis Nation of Alberta, Rockyview District 4. We acknowledge all Nations who live, work, and play, help us steward this land, and honour and celebrate this place. 

The primary purpose of the Information Security Analyst role is to help reduce the risk of a major cyber incident at Banff Centre while significantly shortening the detection and containment time of any cyber incidents that occur. 

To support this overall goal, the incumbent will work closely with the Manager to recommend policy and standard components, conduct research on best practices, develop staff awareness of cyber security through the cyber security program, manage and monitor technical threat detection, analysis, and control systems, and act quickly to contain breaches when they occur.

A critical success factor for this role will be responding to security incidents by conducting thorough investigations and implementing incident response plans, in coordination with the Manager and cross-functional teams.

This is a technical hands-on role, supporting day-to-day security operations in collaboration with the IT/S team and third-party vendors.

Reporting to Manager, Information Security, below are some key accountabilities: 

• Monitor applications, devices, and network infrastructure for significant threats and work with service owners to patch and mitigate risks.
• Conduct forensic examination of equipment suspected of breach or infection, working closely with the ITS team in responding to security incidents, including investigation, containment, and remediation. 
• Work independently and with other teams to manage and support remediation projects to resolve identified risks. This includes reviewing, investigating and escalating security incidents such as phishing, malware, infections, etc.
• Actively participate in cross-functional teams to provide security guidance and advice for all information technology projects, acquisitions and services, including an assessment of the software security controls to be implemented for system architecture and applications. This may take the form of engaging with various stakeholders and application owners and work through the tasks required to ensure that access to an application in the scope is only limited to relevant users.
• Prepare and provide written and verbal recommendations for assessing information technology risks and compliance across a wide array of technologies, advising the Manager, Information Security of mitigations and solutions recommended.
• Stay current on the latest cyber threats, malware and attack methods to anticipate and defend against them.
• Be a champion for cybersecurity awareness by contributing to the following security goals for Banff Centre:
  • Help to design and deliver cybersecurity awareness training that is designed to help protect employees and stakeholders from identity theft, fraud and reputational harm;
  • Contribute to overall security goals designed to protect Banff Centre's operational infrastructure including computers, servers, network, building management systems, 
• Help to design and deliver cybersecurity awareness training.
• Recommend to the Manager, Information Security, additional security solutions or enhancements to improve overall enterprise security, to reduce identified risks based on their impact and likelihood of occurrence, 
• Contribute to and maintain security documentation and the supporting knowledge base.
• Conduct risk and vulnerability assessments and analysis using industry frameworks (ISO 27001, NIST CSFT) and CIS controls for new projects, applications, and 3rd party vendors.
• Assist in internal and external security audits and risk assessments, ensuring evidence collection and control verification.

• Minimum 5 years' Information Technology experience in a mid-to-large company, including at least one to two years with some experience in cyber security.
• Knowledge specific to the academic sector would be an asset.
• Possessing or working toward a post-secondary education in Information Technology or with certifications in cyber security.
• Some experience in identifying, analyzing, containing and documenting security incidents.
• Good knowledge of server and workstation operating systems.
• Knowledge of general networking concepts, technologies and tools.
• Proficient understanding of core Microsoft technologies such as Microsoft Defender, Intune, Active Directory, Group Policies, DNS, and DHCP.
• Practical understanding of patch and vulnerability management.
• Design, implement and enforce Role-Based Access Control policies and maintain Identity and Access Management(IAM) controls across enterprise systems and cloud platforms.
• Excellent communication skills, both verbal and written, with the ability to convey technical information to non-technical stakeholders.
• Working knowledge of OWASP & NIST CyberSecurity Framework.
• Strong team player.
• Strong analytical and critical thinking skills and the ability to meet multiple demands and deadlines in high-pressure environments.
• High level of professionalism and ethics.
• Ability to manage tasks independently and take ownership of responsibilities.
• Enthusiastic about learning new security tools and technologies and stay current with cybersecurity trends and certifications.

• In accordance with CUPE 4318, this is a unionized, salaried support staff position, subject to a 6 month probation period. 
• The annual salary for this position is between $72,654.40 and $85,196.80, depending on experience, based on working 40 hours per week.
• The successful candidate will have access to a range of benefits through Alberta Blue Cross and will be eligible to participate in our defined benefit pension plan. 
• Benefits of working at Banff Centre are:
  • Transitional staff housing options (based on availability) 
  • Professional development
  • Employee Assistance Program 
  • Hybrid work environment (3 days in the office, 2 days remote)
  • Health care spending account
  • Staff cafeteria and restaurant discounts 
  • Onsite fitness facility at a discounted rate – first month free for new staff

• We are accepting applications for the Information Security Analyst position until a suitable candidate is found. 
• Candidates offered a position with Banff Centre, in this capacity, will be required to obtain a criminal record check verifying a clear record before a final job offer can be finalized. 
• Visa Requirements: Candidates must be legally eligible to work in Canada. Banff Centre is unable to assist candidates in obtaining Canadian work authorization.