Position Title: Information Security Analyst – Associate (12-15 month term)
Location: Winnipeg (In-Office)
Reports To: Manager – Information Security
Department: Information Security
Date: May 2026
IC Group builds powerful digital engagement solutions that connect brands with people through promotions, live events, mobile messaging, and gamified experiences. We work with leading brands and event operators to create experiences that drive participation, loyalty, and measurable results.
Our teams are responsible for the secure delivery and execution of all client programs and projects. ICG aims to act as a trusted partner and strives to deepen client relationships based on trust, security, integrity, commitment, accountability, and delivery. We are continuously evolving our solutions and are further modernizing our IT practices through various initiatives, inclusive of use AI in strategic ways, and adopting a platform foundation.
We are hiring an Information Security Analyst Associate (term) to work in our Information Security team.
Reporting to the Manager – Information Security, you will support the organization’s security operations and governance activities in close collaboration with the InfoSec Team. Your responsibilities will include active involvement in ISO 27001 and PCI DSS compliance initiatives, administration of company-wide IT and security policies, execution of internal IT audits, delivery of security awareness programs, and coordination of vulnerability assessments. You will report, investigate and help resolve security incidents with internal teams and also educate and communicate security requirements and procedures to all users and new employees. In addition, you should have competence in researching emerging security threats and attacker techniques to proactively reduce the risk of system compromise. Other responsibilities include ensuring compliance with our internal standards, client requirements, applicable regulations and privacy laws and completing and managing InfoSec questionnaires across our company and clients. You will support our Vendor and Supplier management ecosystem.
To do well in this role you should have a related degree or diploma in computer science, cybersecurity or IT Security, have a passion for documentation, and you pay attention to the details. You’re naturally cautious and enjoy the meticulous work of auditing logs and testing defenses to ensure nothing is left to chance.
- Support day-to-day security operations and governance activities.
- Support security incident handling, including reporting, triage, investigation, escalation, and closure activities.
- Research security trends and adversary techniques to strengthen preventative controls and reduce breach likelihood.
- Contribute to ISO 27001 and PCI DSS compliance initiatives, including evidence collection, reviews, and control support.
- Assist in the development and maintenance of IT and Security governance documentation (policies, standards, and procedures).
- Participate in and support internal audits, including planning, testing, documentation, and remediation follow-up.
- Perform vulnerability assessments and coordinate remediation tracking with technical teams to ensure timely risk reduction.
- Assist in the setup and management of penetration testing engagements with external partners.
- Support vendor/supplier security management processes, including due diligence, onboarding, and ongoing assurance activities.
- Respond to and complete information security questionnaires and onboarding requirements for key clients.
- Deliver and coordinate security awareness initiatives, including education programs, phishing simulations, and security communications/newsletters.
- Diploma or Bachelor’s degree in Computer Science, Cybersecurity, IT security, a related field, or a diploma/certificate/degree in Information Systems, Information Technology or related
- Strong English communication (verbal/written/presentation) skills with both business and technical stakeholders.
- Understanding of:
- Incident identification/analysis and escalation procedures an asset
- PCI DSS, ISO 27001 or related security frameworks considered an asset.
- Firewalls, proxies, antivirus, and IDPS concepts.
- Security controls to protect information systems consistent within the industry.
- Excellent attention to detail and documentation
- Minimum of 1 Co-Op term in a working IT Security environment
- Ability to work under tight timelines and competing priorities.
- Proficient experience with MS Office suite of products (Word, Excel, PowerPoint)
- Prior experience in incident identification/analysis and escalation procedures is an asset
- Understanding of PCI DSS, ISO 27001 and 27701 or related security frameworks is considered an asset.
- At least one security or IT certification would be an asset or working towards certification.