Information Security Analyst - Winnipeg Careers | IC Group


Information Security Analyst

Please send your cover letter and resume to

Who are we?

IC Group is Winnipeg’s world-leading provider of digital rewards solutions. Experts at flawlessly delivering loyalty programs, digital promotions, and Twitter bots, we work with some of the biggest brands & agencies on the planet – Twitter, American Express, Apple, Microsoft, Coca-Cola, Sony, Disney, Fox, Wendy’s, McDonald’s, and Xbox, to name a few.

Where are we Going?

We are in the growth phase of our development and looking for highly motivated people to help drive the company forward over the coming years, as we strive to become the dominant player in digital rewards solutions.

The Challenge

We deliver for top brands but are a compact & agile business. That means working for IC Group is a challenge that will push your creative capabilities. There’s never a dull day and you’ll be full of work, but you will be directly contributing to complex, varied campaigns for some of the largest global brands – a sense of satisfaction you would be hard-pressed to discover anywhere else in Winnipeg!

Our Culture

We believe in simplicity and structured creativity. You won’t find regular office hours here, as we encourage a sensible, flexible work schedule that ties in with our clients’ needs, and smart casual work wear is standard. With the likes of snack drawers & regular social events, we have a tight-knit, family feel at IC Group where connections really matter – vital for a compact company that achieves big things.

The Position

We are hiring an Information Security Analyst to work in our growing Governance and Compliance team.

As a summary, this position will evaluate and maintain procedures to safeguard internal and production information systems.  Assist in performing PCI compliancy, overall company IT policies, internal IT audits, vulnerability assessments. Report, investigate and resolve security incidents with our internal teams. Educate and communicate security requirements and procedures to all users and new employees. Research security trends, new methods and techniques used in unauthorized access of data in order to preemptively eliminate the possibility of system breach. Ensure compliance with our internal standards, client requirements, regulations and privacy laws and complete and manage InfoSec questionnaires across our company and clients. Establish and maintain our Vendor and Supplier management ecosystem.

To do well in this role you should have a bachelor’s degree in computer science and experience in the information security field, process auditing, or other compliance related areas.

Your Responsibilities

  • Work with our team to upkeep our PCI certification (payment card industry) by assistance in evidence collections, reviews, and quality control
  • Investigate and maintain documentation of security breaches and other cyber security incidents.
  • Setup and manage penetration testing with our chosen partners
  • Work with IT team or partners to perform tests and uncover system/network vulnerabilities.
  • Develop company-wide best practices for IT security.
  • Respond and complete Information Security questionnaires/onboarding for our clients
  • Develop and maintain IT and Security governance documentation, process and policies
  • Establish and manage vendor and supplier management processes and audits
  • Manage various third party SAAS products for our company
  • Research security enhancements and make recommendations to management
  • Train users and promotes security awareness to ensure system security and to improve server and network efficiency.
  • Assist and perform internal IT and PCI audits and process reviews
  • Stay up-to-date on IT and PCI trends, news and security standards
  • Other duties may be assigned


The successful candidate will possess the following:

  • Bachelor’s degree in Computer Science or related field, or a degree in Information Systems, Information Technology, or a related area.
  • MBA in Information Systems considered an asset
  • Experience in information security or related field.
  • Prior experience in incident identification/analysis and escalation procedures an asset
  • Understanding of PCI, ISO 27000 or related security frameworks considered an asset.
  • Understanding of firewalls, proxies, antivirus, and IDPS concepts.
  • Understanding of security controls to protect information systems consistent within the industry.

Please send your cover letter and resume to