Cyber Security Analyst

Division:  IT
Job location: Remote (Canada)
Hours: 40 hours per week, Monday to Friday 

Employment type: Perminant
Salary:   100-105K

A little about us

Aurora is proud to be a global leader in the cannabis industry. With a smart strategy, unmatched talent and focus on our long-term success, we believe we have a bright future. 

At Aurora, we’re passionate about helping patients improve their lives through high-quality premium medical cannabis under brands they can trust and rely on. Our products, available across Canada, Europe, Australia, and New Zealand, include leading brands like Pedanios, IndiMed, San Raf, Tasty’s, Whistler, Greybeard and CraftPlant. 

Our diverse team works passionately across various roles, from manufacturing to corporate positions, and many more, united by our purpose: Opening the World to Cannabis. Enabled by science and empowered by people, for patients and consumers.  We collaborate globally, embrace change with courage, stay agile, and treat everyone with compassion. We live our values daily, making a meaningful impact on patients, communities, and our A-Team.

Job Summary

The Cyber Security Analyst is responsible for supporting the design, implementation, and ongoing effectiveness of Aurora’s cybersecurity controls across a cloud-first and SaaS-driven environment.

The role operates within the Global Cyber Security function and focuses on monitoring, detection, incident response, data protection, and regulatory compliance. The position works closely with IT Operations, risk and compliance functions, and external security partners to ensure that security controls are appropriately designed, implemented, and operating effectively.

This role is accountable for maintaining visibility into Aurora’s security posture, identifying control gaps, and supporting risk-based remediation activities. While infrastructure and platform teams retain responsibility for system operations, this role is responsible for security governance, monitoring, and assurance of control effectiveness.

The Cyber Security Analyst is also expected to contribute to the continuous improvement of Aurora’s cybersecurity maturity by enhancing detection capabilities, supporting compliance requirements, and aligning security practices with business risk priorities.  Interesting?  Here is a little more…
 

As the Cyber Security Analyst you will…

Cybersecurity Operations:

• • Implement and operate enterprise cybersecurity controls aligned to NIST CSF and CIS Critical Security Controls
  • Monitor, investigate, and respond to security alerts, threats, and incidents, coordinating with MSSPs and internal IT teams
  • Lead or support incident response activities, including triage, containment, root cause analysis, and lessons learned
  • Maintain and continuously improve security monitoring, detection, and alerting across cloud, endpoint, identity, email, and network security tools
    
    

Cloud, Identity and Zero Trust Security

• • Support the implementation and enforcement of Zero Trust principles across identity, endpoint, network, and application layers
  • Manage and tune security controls across Microsoft 365, Azure, and SaaS platforms
  • Support identity protection, conditional access, privileged access management, and device compliance integration
  • Partner with IT teams to ensure secure configurations without owning day‑to‑day infrastructure administration

Data Protection and Information Security

• • Support and maintain data protection controls, including DLP, information classification, encryption, and secure collaboration.
  • Hands-on experience with Microsoft Purview, including Data Loss Prevention (DLP), information protection, sensitivity labels, and compliance workflows.
  • Assist in improving controls protecting sensitive data against exfiltration, misuse, and unauthorized access
  • Participate in user impact assessments and security awareness initiatives related to data protection

Governance, Risk & Compliance

• • Support security risk assessments, control testing, and remediation tracking
  • Contribute to SOX/CSOX, GDPR, HIPAA, and internal audit activities, including evidence collection and control documentation
  • Maintain and update security policies, standards, procedures, and technical documentation
  • Assist with third-party and vendor security reviews as part of enterprise risk management

Continuous Improvement

• • Identify opportunities to automate security processes and improve operational efficiency
  • Track security metrics and contribute to management and leadership reporting
  • Stay current on emerging threats, vulnerabilities, and security best practices
  • Other duties as assigned

You will be setup for success if you have…

• • Demonstrates a strong working knowledge of cybersecurity principles, frameworks, and control environments, including NIST Cybersecurity Framework and CIS Critical Security Controls, and applies this knowledge to assess control effectiveness and identify gaps
  • Applies structured analytical thinking to assess security risks, interpret technical information, and evaluate potential business impact
  • Exercises sound judgment in situations with incomplete or evolving information, making informed recommendations and determining appropriate escalation points
  • Maintains an understanding of modern security architectures, including Zero Trust and identity-centric security, and how controls operate across cloud, endpoint, network, and identity layers
  • Demonstrates awareness of data protection principles, including data classification, handling, and lifecycle management, as well as associated regulatory expectations
  • Understands governance, risk, and compliance concepts, including control environments, audit expectations, and regulatory requirements such as SOX/CSOX, GDPR, and HIPAA
  • Communicates complex security concepts clearly and effectively to both technical and non-technical stakeholders, translating them into relevant business context
  • Builds effective working relationships across cross-functional teams and demonstrates the ability to influence outcomes without direct authority
  • Demonstrates a continuous improvement mindset by identifying opportunities to enhance processes, controls, and overall security posture
  • Remains current on evolving cybersecurity threats, risks, and industry practices, and applies this knowledge to improve effectiveness
  • Demonstrates adaptability in working across a range of security tools, platforms, and environments, with the ability to quickly learn and apply new technologies  

Bonus points if you have…

• Post-secondary education in Cybersecurity, Information Security, Computer Science, or related field
• CISSP Certification desired
• 5–8+ years of progressive experience in cybersecurity or IT security roles
• Demonstrated experience working in enterprise, distributed, and cloud-first environments
• Experience working with cross-functional teams (IT, Legal, Compliance, Risk)
• Scripting or automation experience (PowerShell, Python) considered an asset
• Industry experience in regulated environments considered an asset

Why you’ll love working at Aurora

• Flexibility: you will enjoy a flexible work environment that is the perfect blend of work and fun! You will be empowered to achieve work-life balance with flexible hours, remote work options, meeting-free-Friday-afternoons and more!  

• Total Rewards: we will motivate you to go above and beyond with a competitive salary, professional development opportunities, company SWAG, team activities and modern technology. 

• Team: we are a diverse and global team of cannabis enthusiasts, energetic innovators, fitness gurus, caring parents, foodies and more, with a collective passion to nurture an inclusive environment that helps you grow and provide people better days with cannabis.

Next steps
Apply today by submitting your resume through our website. Apply today by submitting your resume through our website. You can expect your application to be reviewed by our Talent Acquisition Team and not an AI software/system.  The we will contact you if we see a fit via email.

Think you’re the ideal candidate but you don’t meet all the requirements? Apply anyways. We would love to review your application to see if you’re the right fit or find you an alternative opportunity.  Not the role for you? Share this posting with your network while subscribing to our Talent Community to learn more about upcoming opportunities (hot tip: if you are an Aurora employee, take advantage of the employee referral program by sharing this posting with someone in your network! If they are the successful candidate, you may be eligible for a bonus!).  

Diversity, Equity, Inclusion, Belonging and Accessibility

At Aurora, we are proud to foster and celebrate a diverse community of professionals! We take pride in nurturing an inclusive culture that empowers our people to be their authentic selves, celebrate their differences and love where they work.

Our diverse community combined with our inclusive culture, is what sets us apart in the industry and equips our A-Team with superpowers – and this is why, we encourage all candidates to apply for job opportunities regardless of race, national origin, colour, religion, age, gender identity or expression, sexual orientation, marital and family status, disability, or any other identifying characteristic.

We value the unique skills and experience each person brings to Aurora and are committed to creating and maintaining an accessible environment. We are committed to the requirements of the Accessibility for Ontarians with Disabilities Act so if you require accommodation during the hiring process, please let our Human Resources team know by contacting us at hr.services@auroramj.com

#LI-REMOTE

#LI-MC1