Duration: Until the end of October with the possibility of extension + permanence
Bilingualism: Essential (must be fluent in French and a level 3/5 in English is acceptable)
You will play an integral role in defining and improving the customer's Cloud Security governance, risk and compliance framework supporting the Bank's cloud initiatives. You will work within a forward-looking security governance team to refine Governance, Risk and Compliance (GRC) processes, and collaborate with Infrastructure and Application delivery teams, overseeing and advising them in their journey to the Cloud. The perfect candidate will be a self-driven individual at ease both in technical Data Security and Data protection measures, as well as regulatory frameworks. Experience with and financial regulations is appreciated but not mandatory.
• Define and build Cloud security governance, risk and compliance practices & frameworks to help business units to build & deliver solutions that meet the customer's regulatory and compliance requirements such as PCI, GDPR, NYDFS-500, etc.
• Lead the creation and documentation of cloud cyber security standards and frameworks; policies, standards, baselines, guidelines and procedures, following popular standards such as NIST, CIS, PCI, CSA, etc.
• Participate in risk assessment processes: act as a subject matter expert evaluating security risks and technical controls, identify mitigation requirements and develop accreditation recommendations; be responsible for tracking requirements, validate that tasks are on schedule, and ensure the delivery of quality documentation
• Work in collaboration with the team that designs and builds cloud-native continuous compliance capabilities and automate the risk assessment, quality of deliverables produced by the teams, help them align with overall targets.
• Develop security assessment reports to include all the assessment results and assigned mitigation strategy for each risk; perform analysis on each finding to promote a better understanding of the risks to organizational operations, organizational assets, and individuals
• Collaborate with Security Advisors to lead focused and continuous cloud security risk assessments of new and existing technologies to identify risks, and appropriate controls that balance security and operability
• Effectively communicate Cloud orientations to business leaders, security and application teams
• At least 3 years' experience in AWS preferably (GCP or Azure), and in industry best practices for the cloud security shared responsibility model, cloud-ready governance best practices and architecture;
• Experience and knowledge with Governance, Risk Management and Compliance
• Some hands-on experience in architecting, supporting or developing Cloud-based solutions for AWS, or other Cloud Service Providers (CSP), including IaaS, PaaS, and SaaS environments.
• Experienced with security and risk control frameworks related to cloud, including CSA, NIST CSF, etc.;
• Knowledge of security controls, incident detection/response and countermeasures (defense in depth)
• Cloud-related certifications are not required but are assets.
• Highly self-motivated, self-directed and attentive to detail
• Ability to define, document, initiate, educate and communicate (new) processes and plans across multiple teams.
• Facilitation skills with an ability to build relationships with stakeholders;
• Good written and interpersonal communication skills
• French and English bilingualism, spoken and written