Job Details Permanent Full Time (CUPE 1329)Posting Status Open to all current Town of Oakville employees and external applicantsClosing Date Applications must be received at oakville.ca by no later than 11:59 p.m. on June 11, 2026.Reporting to the Information Security Officer & Program Manager, the Senior Security Analyst is a key member of the Security operations team which architects, designs, deploys, implements, and supports the operational services that align with the security technology supporting the Town of Oakville’s cybersecurity program.Job ResponsibilitiesProvide strategic guidance to ensure alignment with cybersecurity governance frameworks, policies, and regulatory compliance requirements.Identify, assess, and document cybersecurity risks; recommend and track remediation and mitigation strategies in line with organizational risk tolerance.Oversee secure system configuration standards and ensure alignment with established hardening benchmarks and compliance frameworks.Monitor the effectiveness of the organization’s cybersecurity controls, ensuring ongoing compliance with internal policies and external standards.Maintain awareness of evolving cybersecurity threats, regulatory requirements, and industry best practices to inform organizational security strategy.Establish and oversee certificate and encryption management practices to ensure compliance with security policies and standards.Guide security operations and infrastructure from a risk and compliance perspective, including vulnerability management, patch governance, and adherence to service level agreements (SLAs).Act as a key liaison between cybersecurity and business units to communicate risk posture, compliance status, and remediation priorities.Lead cybersecurity initiatives with a focus on governance, risk reduction, and regulatory compliance outcomes.Coordinate and support incident response activities, ensuring root cause analysis, control improvements, and reporting obligations are met.Drive continuous improvement of cybersecurity governance processes, including policies, standards, procedures, and control effectiveness metrics.Mentor and guide team members on risk management practices, compliance requirements, and governance processes.Manage and oversee third‑party/vendor security risk, including due diligence, ongoing assessments, and contract compliance.Translate complex technical risks into business‑impacting insights for stakeholders, enabling informed decision‑making, while supporting operational requirements as needed.QualificationsCompletion of a three‑year Diploma or Degree in Computer Science, Information Systems, Science Technology, or related field.Minimum of 7 years’ IT Security experience.Current security certifications such as CISSP, CEH, ISC2, and Security+ are considered an asset.Aptitude to identify and resolve problems with strong analytical and problem‑solving skills.Ability to automate solutions to repetitive problems/tasks using scripting languages.Demonstrated experience in TCP/IP and common network protocols.Thorough understanding of enterprise security controls in Active Directory, Windows, and Linux environments.Experience with enterprise security technologies.Experience in information security, data privacy, or information technology auditing.Experience with support, patching, and remediation in response to security flaws.In‑depth knowledge of security monitoring and incident response.Knowledge of application development lifecycle (SSDLC).Technical writing experience is an asset.Excellent verbal, written and presentation skills.Strong decision‑making skills.Knowledge of cybersecurity frameworks and standards (e.g., NIST CSF, ISO 27001, CIS Controls) and their application in enterprise environments is considered an asset.Experience assessing and managing risks across network and infrastructure environments, including understanding of common protocols and security architectures is considered an asset.Experience supporting vulnerability management programs, including risk‑based prioritization, remediation tracking, and reporting is considered an asset.Experience supporting audits, compliance activities, and regulatory reviews is considered an asset.Please note that this position requires a satisfactory criminal record check dated within the last 30 days as a condition of employment.#J-18808-Ljbffr