Principal Governance Analyst - Application Security
Location
United States
Posted
56 days ago
Salary
$96.5K - $207K / year
Seniority
Lead
Job Description
Fifth Third Bank
Make banking a Fifth Third better® We connect great people to great opportunities. Are you ready to take the next step? Discover a career in banking at Fifth Third Bank.

GENERAL FUNCTION

The Principal Governance Analyst – Application Security is responsible for leading governance, policy, and control oversight for cloud, container, orchestration, and AI/ML security across the Bank. This advanced professional role provides authoritative guidance on security controls, documentation quality, regulatory alignment, and structured governance processes. The role partners closely with engineering, architecture, risk, compliance, and audit stakeholders to ensure defensible, consistent, and scalable governance practices for modern technology platforms.

SUPERVISORY RESPONSIBILITIES: None

ESSENTIAL DUTIES AND RESPONSIBILITIES:
- Lead the governance framework for cloud, container, orchestration, and AI security by ensuring that risks, controls, and processes are aligned with regulatory expectations, audit requirements, and internal control frameworks. Produce clear, complete, and defensible documentation that provides a repeatable record of risks, controls, and processes and ensures the Bank maintains audit‑ready materials that withstand regulatory scrutiny.
- Drive the development, simplification, and consolidation of policies and standards across cloud, containerization, virtualization, orchestration, and AI/ML platforms. Ensure these requirements are clear, enforceable, and aligned to real engineering workflows so they can be implemented consistently and effectively.
- Act as the authoritative reviewer for third‑party governance responses, assessing non‑conforming items, identifying meaningful risk, and partnering with SMEs and control owners to determine appropriate actions.
- Execute structured governance review cycles with engineering leaders for security tooling, guardrails, and platform standards; manage socialization, feedback, and alignment processes.
- Represent Information Security in Bank‑wide and cross‑functional working groups, providing a strong point of view on secure‑by‑design principles and surfacing platform‑level risks early.
- Improve governance workflows for scale and consistency by supporting and refining ad hoc review and approval processes. Ensure workflows support growth, resiliency, and engineer-friendly execution.
- Other duties as required.

MINIMUM KNOWLEDGE, SKILLS, AND ABILITIES REQUIRED:

Required:
- Strong understanding of cloud security (e.g., AWS), container security, and container orchestration (Kubernetes preferred).
- Working knowledge of AI/ML security risks, model lifecycle considerations, and emerging regulatory expectations.
- Experience translating technical designs, risks, and controls into documentation suitable for auditors, regulators, and senior leadership.
- Experience writing or maintaining policies, standards, or control documentation in a regulated environment.
- Ability to challenge respectfully, influence decision makers, and take a clear position when ambiguity exists.
- Demonstrated ability to partner effectively with senior engineers and architects without needing to be the deepest SME.
- Strong understanding of audit processes and what mature controls and evidence look like.
- Ability to run structured working sessions, facilitate decisions, and drive closure.
- Excellent communication skills, with the ability to simplify complex technical topics for diverse audiences.

Preferred:
- Experience in a financial services or similarly regulated environment.
- Familiarity with NIST CSF, PCI DSS, CSA CCM, NIST 800‑53, FFIEC, OCC, or other regulatory frameworks.
- Hands‑on experience with cloud or container platforms in a past engineering, architecture, or security role.
- Experience with security tooling across cloud, containers, or software development (e.g., CSPM, container scanning, DAST).
- Prior experience as a security lead, governance analyst, or control owner in a large enterprise.

Principal Governance Analyst - Application Security

Total Base Pay Range 96,500.00 - 207,500.00 USD Annual

At Fifth Third, we understand the importance of recognizing our employees for the role they play in improving the lives of our customers, communities and each other. Our Total Rewards include comprehensive benefits and differentiated compensation offerings to give each employee the opportunity to be their best every day. The base salary for this position is reflective of the range of salary levels for all roles within this pay grade across the U.S. Individual salaries within this range will vary based on factors such as role, relevant skillset, relevant experience, education and geographic location. In addition to the base salary, this role is eligible to participate in an incentive compensation plan, with any such payment based upon company, line of business and/or individual performance. Our extensive benefits programs are designed to support the individual needs of our employees and their families, encompassing physical, financial, emotional and social well-being. You can learn more about those programs on our 53.com Careers page at: https://www.53.com/content/fifth-third/en/careers/benefits.html or by consulting with your talent acquisition partner.

LOCATION -- Virtual, Ohio 00000

Attention search firms and staffing agencies: do not submit unsolicited resumes for this posting. Fifth Third does not accept resumes from any agency that does not have an active agreement with Fifth Third. Any unsolicited resumes – no matter how they are submitted – will be considered the property of Fifth Third and Fifth Third will not be responsible for any associated fee.
Fifth Third Bank, National Association is proud to have an engaged and inclusive culture and to promote and ensure equal employment opportunity in all employment decisions regardless of race, color, gender, national origin, religion, age, disability, sexual orientation, gender identity, military status, veteran status or any other legally protected status.
More Security Analyst Jobs
Security Analyst
Postmedia Network Inc.
Postmedia is a Canadian news media company representing more than 110 brands across multiple print, online and mobile platforms. Award-winning journalists and innovative product development teams bring engaging content to millions of people every week whenever and wherever they want it. This exceptional content, reach and scope offers advertisers and marketers compelling solutions to effectively reach target audiences. We are always on the lookout for talented individuals to join our team.
Position: Security Analyst Position Type: Full-time, Permanent (Existing Vacancy) Location: Toronto, ON (Remote) The Company: Postmedia is a Canadian news media company representing more than 110 brands across multiple print, online and mobile platforms. Award-winning journalists and innovative product development teams bring engaging content to millions of people every week whenever and wherever they want it. This exceptional content, reach and scope offers advertisers and marketers compelling solutions to effectively reach target audiences. We are always on the lookout for talented individuals to join our team. The Opportunity: This is an ideal role for a recent college or university graduate with a strong passion for IT and Cybersecurity. We’re looking for someone eager to learn, experiment, and grow. In this highly hands‑on, practical environment, you’ll shadow experienced team members, build foundational security skills, and develop into a future Senior Security Analyst. This role is perfect for someone curious, communicative, and brings IT/Security‑focused extracurricular, co‑op, or personal project experience. If you’re motivated, adaptable, and ready to shape your career as a security professional, we’d love to meet you. What you’ll do: - Assist in the maintenance and documentation of security policies, procedures, and standards under the guidance of senior security team members. - Manage account lifecycle tasks (enable/disable accounts, approve access requests); enforce BYOD, MFA, and secure remote access. - Assist with IT audits by collecting documentation, preparing evidence, and supporting coordination with internal teams. - Provide security guidelines for employees traveling internationally (VPN usage, device protection). - Advise on security best practices, including safe handling of company devices and data protection during travel or remote work. 
- Participate in incident response activities by performing initial analysis, documentation, and evidence collection, escalating findings to senior analysts as required. - Support security awareness initiatives by assisting with content preparation, communications, and tracking participation. - Maintain up-to-date detailed knowledge of the IT Security industry including awareness of new or revised security solutions, improved security processes and the development of new attacks and threat vectors. - Collaborate with IT leadership, privacy analysts, and external vendors to maintain security posture and resolve compliance issues. - Participate in the implementation of new security solutions, policies, standards, baselines guidelines and procedures to support those as established by Postmedia’s security goals and to actively work towards upholding those goals. - Assist with vulnerability scanning, risk assessments, and remediation tracking under defined processes and supervision. - Participate in the planning and design of the Business Continuity Plan and Disaster Recovery Plan. - Recommend additional security solutions or enhancements to existing security solutions to improve overall security. - Provide support as required for MSSP Level 2 and 3 Support for all in-place security solutions. - Maintain operational configurations and baselines for all in-place security solutions. - Learn to automate repetitive security tasks such as reporting, alert enrichment, and evidence collection using scripting and workflow tools. - Assist in the development and maintenance of security automation workflows under supervision. - Explore the use of AI-assisted tools for log analysis, reporting, and security operations in accordance with Postmedia governance and security standards. - Document automation workflows and contribute to continuous improvement initiatives. - Regular hours apply. 
Occasional after-hours support may be required for learning, shadowing, or supervised activities. - Perform other duties as assigned. Who you are: - One or more of the following certifications would be an asset: Security+, CySA+, or equivalent (or “working towards”) - Knowledge of endpoint detection and response (EDR), CASB, IDPS and other security related concepts. - Knowledge of security frameworks or standards such as CIS Top 20, NIST and ISO 27001, 27017, 27018. - Knowledge of GDPR, CASL, PIPEDA and PCI compliance requirements. - Understanding of IP, TCP/IP and other network administration protocols. - Understanding of Windows and Linux operating systems. - Exposure to scripting or automation using Python, PowerShell, Bash, or similar, with an interest in expanding automation and AI skills. - Ability to effectively prioritize and execute tasks. - Ability to conduct research into IT security issues and products. - Able to work independently on assigned tasks while seeking guidance and feedback as part of a collaborative team. - Team-oriented and skilled in working within a collaborative environment with strong communications skills. - Be naturally innovative and forward thinking when problem solving, be analytical and detail oriented. - Inherently demonstrate a high level of integrity, discretion, and trustworthiness. - Willingness to travel on occasion as required. Must-Haves: - Foundational understanding of information security concepts and frameworks, with a willingness to learn and develop deeper expertise. - Experience with identity and access management tools, firewalls, antivirus, IDS/IPS, endpoint security. - Familiarity with VPNs, MFA, and cloud security solutions. - Experience conducting vulnerability assessments and penetration tests. - Excellent communication and documentation skills. - Ability to manage multiple tasks in a fast-paced environment. 
Compensation: Employment offers presented to the selected candidate are based on a combination of qualifications, experience, responsibilities of the role and the candidate's location. Base Salary: $50,000-$60,000 We thank in advance all applicants for their interest, however only those candidates under consideration will be contacted. Only candidates legally eligible to work in Canada will be considered. No phone calls or agencies please. Postmedia Network Inc. is committed to providing accommodations for people with disabilities in all areas of the hiring process. If you require accommodation during the hiring process, please make your needs known in advance. Accommodation requests will be provided on an individual basis. Postmedia Network Inc. is committed to employment equity and an inclusive barrier-free selection process and work environment. Postmedia Network Inc. encourages applications from women, aboriginal peoples, persons with disabilities and members of visible minorities. #LI-Remote LI-KC1
Security Risk II Analyst
BJC HealthCare
BJC HealthCare is one of the largest healthcare organizations in the U.S. focused on delivering "the world's best medicine," made better by its 30,000+ clinical
Additional Information About the Role BJC is hiring for a Security Risk II Analyst. Ideal candidate will have experience in Security Risk Assessments and 3rd Party Risk Assessments. Experience with Logic 8 Platform is preferred. This is a remote position, but we are looking for candidates in the St. Louis Metro area. Overview BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and southeast Missouri regions. With net revenues of $6.3 billion and more than 30,000 employees, BJC serves patients and their families in urban, suburban and rural communities through its 14 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice. BJC is the largest provider of charity care, unreimbursed care and community benefits in the state of Missouri. BJC and its hospitals and health service organizations provide $785.9 million annually in community benefit. That includes $410.6 million in charity care and other financial assistance to patients to ensure medical care regardless of their ability to pay. In addition, BJC provides additional community benefits through commitments to research, emergency preparedness, regional health care safety net services, health literacy, community outreach and community health programs and regional economic development. BJC’s patients have access to the latest advances in medical science and technology through a formal affiliation between Barnes-Jewish Hospital and St. Louis Children’s Hospital with the renowned Washington University School of Medicine, which consistently ranks among the top medical schools in the country. 
IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: Ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission critical applications and data vital to the organization and strategic partners; investigating practices not in compliance with established BJC Information Services security policies and standards. Preferred Qualifications Role Purpose Technology role responsible for the management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence formal system certification and accreditation technical assessment and evaluation to determine control effectiveness across a large and complex corporate portfolio. Responsibilities - Able to research, analyze, interpret, evaluate, and integrate complex data from a wide variety of sources and provide creative solutions that align with strategic clinical and business workflows. While ensuring compliance of system and application security within scope of responsibility, in accordance with defined service levels, security practices/guidelines, and relevant technology standards. - Perform reviews of business solution self-assessments and assign risk rating. This includes performing a limited control review, completing documentation and presenting assessment in a formal review meeting. - Perform timely vendor vetting assessments on potential business solutions based on business partner requests, highlighting security posture and control gaps and need mitigating activities. 
This includes but is not limited to conducting meetings with business process owners and vendors, investigating vendor security posture and performance, reviewing baseline controls and gaps, documenting results, and reporting findings in a formal report. - Skillful interaction with business process owners, Technology and security personnel as well as vendors, management and other interested parties is required. This includes but is not limited to conducting meetings with business process owners and vendors, investigating vendor security posture and performance, reviewing baseline controls and gaps and documenting results while effectively reporting findings in a formal Security Risk Assessment report. Identify and complete Risk Acceptance forms where an exception to a policy or requirement is significant and needs to be reported to Management for approval. - Responsible for adding and maintaining status updates for high and critical findings for high and critical business solutions on the Risk Register. Minimum Requirements Education - Bachelor's Degree Experience - 2-5 years Supervisor Experience - No Experience Preferred Requirements Licenses & Certifications - CIA - CISA - Cert Info Systems Manager - CPA - Certified in Risk & IS Control Benefits and Legal Statement BJC Total Rewards At BJC we’re committed to providing you and your family with benefits and resources to help you manage your physical, emotional, social and financial well-being.
- Comprehensive medical, dental, vision, life insurance, and legal services available first day of the month after hire date - Disability insurance* paid for by BJC - Annual 4% BJC Automatic Retirement Contribution - 401(k) plan with BJC match - Tuition Assistance available on first day - BJC Institute for Learning and Development - Health Care and Dependent Care Flexible Spending Accounts - Paid Time Off benefit combines vacation, sick days, holidays and personal time - Adoption assistance To learn more, go to our Benefits Summary. *Not all benefits apply to all jobs The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job. Equal Opportunity Employer
Cybersecurity GRC Analyst, Training & Awareness, FCH - IT - SECURITY
Froedtert
The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics draw patients from throughout the Midwest and the nation.
Discover. Achieve. Succeed. #BeHere Location: US:WI:MENOMONEE FALLS at our WOODLAND PRIME 400 facility. This job is REMOTE. FTE: 1.000000 Standard Hours: 40.00 Shift: 1st shift flexible 7 am to 5pm Shift Details: Holidays: Weekends: Job Summary: Froedtert ThedaCare Health, Inc., a leading healthcare system located in Eastern Wisconsin, is seeking a Cybersecurity GRC Analyst, Training & Awareness professional to join the Cybersecurity Governance, Risk Management, and Compliance (GRC) team. This role is critical in promoting a robust security culture across the organization by designing, managing, and improving cybersecurity training and awareness programs. The successful candidate will focus on cybersecurity awareness, phishing program operations, cybersecurity training, and GRC concepts while fostering cultural engagement and workforce behavioral change through creative and innovative initiatives. You will partner with cross-functional teams to address cybersecurity risks in clinical and non-clinical environments, ensure regulatory compliance, and contribute to the harmonization of cybersecurity programs across the Froedtert ThedaCare ecosystem. Position Responsibilities: Training and Awareness Program Management: • Develop, implement, enhance, and manage a comprehensive Cybersecurity Training and Awareness framework tailored to healthcare's unique risks and regulatory landscape (e.g., HIPAA, PCI DSS, and Joint Commission requirements). • Design role-based training for diverse audiences, including clinicians, administrative staff, IT teams, and executives. • Continuously refine training materials to incorporate emerging threats, organizational changes, and stakeholder feedback. Phishing Program Operations: • Build, enhance, and execute a dynamic, reality-based phishing simulation program, addressing sector-specific threats such as ransomware and patient data phishing schemes. 
• Analyze simulation metrics and provide actionable insights to improve employee awareness and reduce risks. • Develop and maintain educational material to support cybersecurity initiatives and training activities. • Deliver targeted follow-up training for individuals or teams with repeated simulation failures. Creative Engagement and Communications: • Develop multimedia content, including videos, infographics, and gamified training, to drive engagement and retention. • Design and execute large-scale security awareness campaigns, ensuring alignment with cultural transformation goals. • Partner with leadership to create impactful security messaging and content tailored to high-risk roles. Regulatory and Compliance Integration: • Ensure training programs align with healthcare-specific regulations and standards, including HIPAA, PCI DSS, and Joint Commission requirements. • Collaborate with Compliance and Legal teams to embed security awareness into broader compliance initiatives. • Provide support for audits and regulatory reviews by showcasing training program effectiveness. Metrics, Reporting, and Continuous Improvement: • Develop and maintain KPIs and dashboards to measure the success of training programs and awareness initiatives. • Conduct quarterly and annual program reviews to identify opportunities for innovation and enhancement. • Prepare reports and presentations for leadership to highlight program impact and align with organizational goals. Collaboration and Change Management: • Partner with IT, Risk Management, and Clinical Operations teams to ensure training initiatives integrate seamlessly across the organization. • Lead security awareness efforts during organizational transitions, such as the Froedtert-ThedaCare merger, ensuring program consistency and harmonization. • Act as a trusted advisor to business units, translating complex cybersecurity topics into actionable guidance. 
Risk and Compliance Integration: • Assist with routine GRC activities, such as monitoring risk registers, supporting audit preparation, and reviewing policy exception requests. • Collaborate with the Risk Management team to align training efforts with identified risk scenarios, ensuring targeted mitigation strategies. Policy and Procedure Maintenance: • Support the documentation and dissemination of cybersecurity policies, standards, and procedures. • Assist in the lifecycle management of GRC documentation, ensuring alignment with training content and awareness initiatives. EXPERIENCE DESCRIPTION: 1 - 3 years of experience in a related field. 3 or more years of experience in a related field is preferred. At least three years of experience in Cybersecurity training, GRC, or a related role within healthcare or similarly regulated industries preferred Proven track record managing phishing simulation programs and security training platforms (e.g., KnowBe4, LMS). Experience creating and executing large-scale awareness campaigns using multimedia tools EDUCATION DESCRIPTION: BA in Computer Science or related field is required or equivalent acquired through combination of education and experience. Bachelor’s degree in Information Security, Computer Science, Communications, or a related field is preferred. Relevant certifications (e.g., CISSP, CISM, CISA, or GIAC) are a plus. SPECIAL SKILLS DESCRIPTION: Technical Expertise: • In-depth knowledge of healthcare regulations and cybersecurity frameworks, including HIPAA, HITECH, NIST CSF, and HITRUST. • Proficiency with phishing simulation platforms (e.g., KnowBe4) and LMS tools. • Familiarity with behavioral analytics and metrics for tracking training effectiveness. Creative and Communication Skills • Exceptional written and verbal communication skills, with the ability to craft messaging for technical and non-technical audiences. 
• Experience creating multimedia content (e.g., video editing, graphic design) for awareness campaigns.
• Public speaking skills and confidence in presenting to diverse audiences.

Analytical and Strategic Thinking:
• Strong problem-solving and critical-thinking skills for addressing complex training needs.
• Experience developing data-driven strategies to improve training program impact and employee behavior.

Collaboration and Leadership:
• Demonstrated ability to collaborate across diverse teams and levels of leadership.
• Self-starter with the ability to work independently and drive initiatives in a matrixed organization.
• Proven ability to manage multiple projects with competing priorities.

Preferred Qualifications:
• Experience in large healthcare systems or regulated industries.
• Familiarity with change management and integration strategies during mergers or acquisitions.
• Experience with gamified training methods or VR/AR-based security awareness tools.

Compensation, Benefits & Perks at Froedtert Health
Pay is expected to be between: (expressed as hourly) $37.95 - $64.92. Final compensation is based on experience and will be discussed with you by the recruiter during the interview process.

Froedtert Health offers a variety of perks & benefits to staff. Depending on your role, you may be eligible for the following:
- Paid time off
- Growth opportunity: Career Pathways & Career Tuition Assistance, CEU opportunities
- Academic Partnership with the Medical College of Wisconsin
- Referral bonuses
- Retirement plan - 403b
- Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics
- Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available

The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics, draws patients from throughout the Midwest and the nation.

We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at 262-439-1961. We maintain a drug-free workplace and perform pre-employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262-439-1961. We will attempt to fulfill all reasonable accommodation requests.

