IT Security Analyst

Position Overview

We are seeking an experienced IT Security Analyst to join our Security Operations team at BMO, supporting the AIR MILES Reward Program. This role operates in a fast-paced environment where responsibilities such as vulnerability management, SIEM monitoring, incident response, security awareness activities, and metrics reporting may occur simultaneously—often alongside troubleshooting and internal consulting.

In addition to detecting and responding to security threats across the organization’s digital infrastructure, the IT Security Analyst will be expected to demonstrate strong expertise in vulnerability management, system hardening, endpoint security, and cybersecurity incident response. The ideal candidate will bring a proven track record in these areas, supported by relevant industry-recognized certifications.

Key Responsibilities

• Vulnerability and Configuration Management: Conduct regular vulnerability scans, assess risks, and advise on remediation efforts to minimize exposure to cyber threats, ensuring adherence to remediation timelines.
• Monitor, Detect, and Respond to Security Threats: Utilize Security Information and Event Management (SIEM) tools to identify, correlate, and escalate potential security incidents.
• Endpoint and Email Security: Manage and enhance endpoint protection solutions and email security protocols to safeguard against malware, phishing, and other cyberattacks.
• Incident Response: Act as a key member of the incident response team, coordinating with IT and business stakeholders to investigate, contain, and remediate security incidents. This may involve on-call 24/7 pager rotation with other team members.
• Security Documentation and Metrics Reporting: Maintain detailed playbooks, incident reports, and security documentation. Collect data and generate regular reports on security metrics and threat trends for senior management.
• Collaboration and Training: Work closely with IT, infrastructure, and compliance teams to enforce security policies and support user awareness training initiatives.
• Continuous Improvement: Recommend and implement improvements to security processes, tools, and procedures based on emerging threats and best practices.
• Compliance and Audits: Assist with compliance audits, risk assessments, and ensure adherence to internal policies and external regulations.

Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Proven experience in security operations, vulnerability management, endpoint security, and incident response.
• Technical Skills: Proficiency with cloud-based vulnerability scan tools, SIEM(s), endpoint protection platforms, email security solutions, and incident response frameworks.
• Analytical and Communication Skills: Strong analytical abilities, attention to detail, and excellent written and verbal communication skills.
• Teamwork: Ability to work collaboratively in a fast-paced environment and communicate effectively with technical and non-technical stakeholders.
• Recognized professional certifications such as GIAC Incident Handler (GCIH), Certified Ethical Hacker (CEH or CEH-Practical). Vendor-based and relevant cloud certifications from major public cloud providers (e.g., AWS, GCP, Azure) are highly desirable.

Key skills/competency

• Vulnerability Management
• SIEM Monitoring
• Incident Response
• Endpoint Security
• Email Security
• Risk Assessment
• Security Awareness
• Compliance
• System Hardening
• Cloud Security