H&R Block, the leader in the tax preparation industry, is looking for an Information Security Analyst to join its fast-paced and dynamic Information Technology team. The location for this great opportunity is Calgary, AB.

 

Becoming an H&R Block associate means more than just a pay cheque; it’s an opportunity to grow with the strongest brand in the Tax Preparation industry. We are looking for people who want to help us look at peoples’ lives through tax and find ways to help. We know that the ability to deliver outstanding client service starts with having the best talent on our team, and if you want to be part of our success story then we want to hear from you!

 

We have proudly served clients in Canada for over 50 years, constantly evolving to meet our clients’ ever-changing needs. From our digital solutions to our offices, we constantly seek new ways to create frictionless and memorable client experiences.

The Opportunity:

 

This position is responsible for providing general support for the Information Security Team as well as performing security activities under the direction of the Lead Security Analyst.

 

Reporting to the Director of Infrastructure and Security, the Information Security Analyst is responsible for maintaining the security and integrity of data and must have experience with Security Information and Event Management Systems (SIEM). The security analyst is responsible for the development, monitoring, and response to security related use cases. The analyst will also be involved in the evaluation of existing solutions and solutions that are on our roadmap.

Duties and Responsibilities:

 

Focus on day to day operations of our SIEM including responding to alerts, building new use cases, searching for threats, and providing recommendations for improvements.

Investigating security incidents and aiding in the incident response process

Assist or provide security-based risk assessments of business and technology sponsored projects and initiatives, including engagements with third parties.

Offering remediation and mitigation solutions based on vulnerability discoveries

Provides support and guidance regarding best practice, regulatory, and legal compliance, including SOX and PCI.

Evaluate security controls and identify potential risk.

Maintain up to date procedure documentation of assessments and controls.

Work with process owners to ensure that they understand risks, and remediation plans and target dates are developed and documented.

Initiates, facilitates, and promotes activities to create information security awareness within the organization.

Monitor compliance with information security policies and procedures.

Develop and support meaningful metrics and reports to communicate to executive management.

 

Key Qualifications:

 

Bachelor Degree in Information Security / Assurance, Computer Science, Information Technology, or a related discipline from an accredited institution.

Demonstrated knowledge of information security discipline via relevant industry certifications such as CISSP, CAP, CISM, GSNA, GPEN, CEH, PCI ISA, etc.

Minimum of seven (7) years of experience in information technology or business analysis, with at least five (5) years in an information security specific field, such as user access management, computer forensics, network perimeter security, incident response, system security, risk, audit, or other related discipline.

Working knowledge or prior experience of SIEM’s (Splunk Preferred)

Strong understanding of event analysis, incident response, threat intelligence, cyber investigation methodology.

Good understanding of security controls, such as DLP, encryption, identity and access management, and vulnerability scanning.

Working knowledge of authentication technologies like MFA/2FA, SAML, and ADFS is preferred.

Working knowledge of IT related regulations, like SOX and PCI, and frameworks, like NIST, CSF and ISO 27001.

Knowledge of network-based services, client/server applications, mobile applications, enterprise systems and infrastructure, network architecture, and security infrastructure.

 

Other Required Skills

 

Ability to take initiative, work independently, and effectively manage multiple projects.

Ability to build and maintain high credibility with all business partners.

Strong verbal, written communications and task management skills.

Ability to document and explain technical details clearly and concisely.

Strong analytical and problem resolution skills with the ability to react quickly.

Proven self-starter and willing to accept additional responsibilities as position expands.

 

Preferred Qualifications

 

Experience analyzing log files and correlating security related events

Familiarity with Cloud based platforms including securing and monitoring access

Experience performing information security reviews of third party service providers.

Experience with GRC systems.

Project management knowledge and experience.

Experience with software development and programming/scripting languages and security testing of applications.

 

If you meet the skills and qualifications required for this great opportunity, and are truly passionate about leading business initiatives, we invite you to send your cover letter stating compensation expectations along with your resume to employment.opportunities@hrblock.ca.

 

Successful candidates must have legal authorization to work in Canada on a full-time basis for any employer. Only those candidates selected for interview will be contacted.

 

H&R Block Canada welcomes and encourages applications from people from all backgrounds, including people with disabilities. Accommodations are available on request for candidates taking part in all aspects of the recruitment and selection process.