Job Description

Title: Senior Security Analyst (Project Advisory) CISSP, GIAC, CCSP

Duration : permanent

Location: onsite twice per week in downtown Montreal

Responsibilities :

Advise project teams on security requirements, review system architecture and assess identified risks to ensure projects are delivered in a secure manner.
Provide project advisory services regarding cybersecurity matters to Business and IT projects and initiatives following the client established methodology.
Perform security risks and present the results to system owners and project sponsors.
Evaluate the security posture of Cloud vendors and 3rd party vendors.
Ensure that appropriate IT general controls (ITGC) and security controls are applied during project delivery.
Improve the project security advisory methodology to make it leaner, efficient, and flexible.
Provide assistance during the bi-annual security health check assessment.
Required skills :

10 years of professional experience in IT Security.
Minimum of 8 years' experience in cybersecurity including risk assessments and providing security advisory to IT and Business projects.
Holds security related certifications such as: Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Cloud Security Professional (CCSP).
In-depth knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls
Strong experiences advising on security risks and controls for IT and Business projects and smaller initiatives
Strong knowledge of and experience in developing, documenting and reviewing security architectures.
Experience with common information security management and specialized security frameworks, such as: ISO27002, NIST CSF frameworks, CSA, OWASP.
Proficiency in performing risk, business impact, control and vulnerability assessments.
Strong understanding of IT infrastructure and business applications, including ERP and financial systems.
Strong technical knowledge of mainstream operating systems and a wide range of security technologies and domains, such as network security appliances, identity and access management (IAM) systems, virtualization, cloud security, web security, anti-malware solutions and endpoint security tools.
Strong analytical skills to analyze security requirements and relate them to appropriate security controls.

Titre : Analyste Securite principal (Project Advisory) CISSP, GIAC, CCSP

Duree : permanente

Lieu : 2 jours par semaine au centre-ville de Montreal

Responsabilites :

Conseiller les equipes de projet sur les exigences de securite, examiner l'architecture du systame et evaluer les risques identifies pour s'assurer que les projets soient livres de maniare securisee.
Fournir des services consultatifs de projet concernant les questions de cybersecurite aux projets et initiatives commerciaux et informatiques en suivant la methodologie etablie par le client.
Effectuer des risques de securite et presenter les resultats aux proprietaires de systames et aux promoteurs de projets.
a?valuer la posture de securite des fournisseurs Cloud et des fournisseurs tiers.
Veiller a ce que les contrales generaux informatiques (ITGC) et les contrales de securite appropries soient appliques pendant la livraison du projet.
Ameliorer la methodologie de conseil en securite du projet pour la rendre plus legare, efficace et flexible.
Fournir une assistance lors de l'evaluation semestrielle de la verification de l'etat de securite.
Competences requises :

10 ans d'experience professionnelle en securite informatique.
Minimum de 8 ans d'experience en cybersecurite, y compris l'evaluation des risques et la prestation de conseils en matiare de securite pour les projets informatiques et commerciaux.
Detient des certifications liees a la securite telles que : Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified Cloud Security Professional (CCSP).
Connaissance et comprehension approfondies des concepts et principes des risques lies a l'information, comme moyen de relier les besoins de l'entreprise aux contrales de securite
Solides experiences de conseil sur les risques et les contrales de securite pour les projets informatiques et commerciaux et les petites initiatives
Solide connaissance et experience dans le developpement, la documentation et l'examen des architectures de securite.
Experience avec la gestion commune de la securite de l'information et les cadres de securite specialises, tels que : ISO27002, cadres NIST CSF, CSA, OWASP.
Competence dans la realisation d'evaluations des risques, de l'impact commercial, du contrale et de la vulnerabilite.
Excellente comprehension de l'infrastructure informatique et des applications commerciales, y compris les systames ERP et financiers.
Solide connaissance technique des systames d'exploitatio

...

n courants et d'un large eventail de technologies et de domaines de securite, tels que les appareils de securite reseau, les systames de gestion des identites et des accas (IAM), la virtualisation, la securite cloud, la securite Web, les solutions anti-malware et les outils de securite des terminaux.
Solides competences analytiques pour analyser les exigences de securite et les relier aux contrales de securite appropries.

Meritek

Constamment a l'affat de nouveaux talents en TI, Meritek vous accompagne et vous offre la meilleure experience recrutement qui soit. Nous allons au-dela de votre cv et au-dela des descriptions de postes. Notre expertise couvre tous les postes...