Security Specialist

1120839
  • Employment type

    Permanent
  • Location

    Montréal
  • Profession

    Cyber
  • Industry

    Business and Management Consulting
  • Pay

    yearly

Looking for the ideal candidate

Your daily routine:
Threat monitoring
  • Proactively monitor and analyze security data to detect threats and advanced vulnerabilities
  • Develop key indicators (risk and performance) and collect actionable intelligence to strengthen the organization’s security posture.
Security incident response
  • Manage security incidents, from initial analysis to full resolution
  • Carry out post-incident assessments and recommend preventive measures
Risk and vulnerability assessment
  • Independently conduct in-depth security assessments to identify vulnerabilities and recommend remediation strategies
  • Maintain the information security risk register, oversee audits, and assess suppliers’ security practices
Security awareness and coaching
  • Develop information security awareness materials
  • Provide specialized advice in support of cybersecurity program objectives and compliance initiatives
Policies and governance
  • Write, update and maintain information security policies, procedures and standards (access management, passwords, network security, PAP, etc.)
  • Ensure documentation alignment with best practices (NIST, ISO 27001, etc.).
Compliance and audits (SOC 2)
  • Coordinate SOC 2 (types 1 and 2) compliance activities, including audit preparation
  • Document and implement required security controls
  • Ensure that evidence is gathered and requirements are met for external auditors
Security questionnaires
  • Respond to security questionnaires from clients or partners (cybersecurity, confidentiality, business continuity, etc.)
  • Collaborate with internal teams to obtain relevant technical or organizational responses
Security control implementation
  • Assist in developing and implementing technical and organizational controls (access management, logging, backups, etc.)
  • Collaborate with IT, operations, development, and product teams in integrating security into operations
Security procedures and processes
  • Develop security intervention procedures (incident response, vulnerability management, SIEM alert response, etc.)
  • Implement reproducible, well-documented processes
You will need:
  • Good knowledge of SOC 2, ISO 27001, NIST, and CIS Benchmark standards
  • Experience in drafting security policies and documentation
  • Ability to understand technical concepts and explain them to a non-technical audience
  • Knowledge of AWS, Azure, and GCP cloud environments (an asset)
  • CCSP, CISM, ISO 27001 Lead Implementer certification
This position may be ideal for you if you:
  • have a degree in information security, information technology, or a related field
  • have at least three to five years’ experience in a similar role in IT security or governance
  • are fluent in English and French, both written and spoken
  • can successfully and independently handle multiple projects
  • have experience with governance, risk, and compliance (GRC) tools
  • have experience with the DRATA GRC tool (an asset)
We value our teams and offer working conditions to match:
  • Competitive salary
  • Comprehensive group insurance
  • Group RRSP
  • Flexible work arrangements
  • Fitness benefit
  • Payment of dues to your professional order
  • Referral program
  • Public transit credit
  • Paid vacation on your birthday



Contact Siddika Jeraj, the recruiter responsible for this job

Located in Toronto (EN), 8 King Street East, 20th Floor. Telephone: 6474944112