CTC007772 - Cybersecurity Senior consultant
Secteur industriel: Bancaire/Banking
Type d'emploi: Contract
Durée: One year
Mode de travail: Mixed
Description
-
Flexible hourly rate
-
Telecommuting: Hybrid 1 day per week mandatory in downtown Montreal office
-
Bilingualism: French, mandatory, knowledge of English not mandatory but an asset
The digital world and daily changes force us to be pragmatic, agile and proactive in the way we approach opportunities, technologies and processes from a cybersecurity point of view.
Your role:
-
Assess the cybersecurity risk posture of one or more business units;
-
Support one or more entities, outside Quebec and/or outside Canada, in managing their cyber risks;
-
Assess the maturity of cybersecurity controls according to various Canadian and international regulatory frameworks;
-
Ensure that risk considerations are addressed at every phase of the system development and maintenance lifecycle;
-
Proactively propose solutions to reduce and anticipate cybersecurity risks;
-
Recommend security measures in applications and infrastructure components, exercising judgment within the framework of existing policies and industry best practices;
-
Produce, maintain and communicate indicators (progress, performance, risk, etc.).
Here's how you can make an impact in our organization:
-
Inspire a positive working environment and assist as a champion and innovator in teamwork and team support;
-
Have a good understanding of security architecture and design in order to identify and recommend improvements in the methodologies and processes used within the business units and technical teams you support;
-
Be able to provide tactical and strategic guidance and advice to help business and technical teams achieve acceptable security risk postures;
-
Build trusting relationships with technology teams and be able to provide them with information on application and infrastructure security to ensure secure delivery cycles;
-
Facilitate risk assessments, support teams in the remediation of vulnerabilities and ensure the review of security exceptions;
-
Have a detailed understanding of the technology components maintained by the teams you support, and their security posture;
-
Participate in complex projects and be able to present complex security reports, analyses and assessments to both technical and non-technical professionals.
Skills required:
-
Completed Bachelor's degree, industry related, and a minimum of five (5) years of relevant experience;
-
Experience in information security (authentication, authorization, access control, auditing, cryptography, etc.);
-
Experience in risk assessment using recognized tools;
-
Practical understanding of application architecture and related technologies;
-
Knowledge of some of the following technical concepts/tools an asset :
-
Cloud AWS / ISTIO
-
Orchestrator: Jenkins, GitHub Actions
-
Continuous Monitoring: Datadog, Splunk, etc.
-
Continuous Integration: GitHub, Bitbucket, etc.
-
Continuous Deployment: Harness, Urban Code, Argo CD, etc.
-
Continuous Security: Aqua Security, Nexus IQ, Artifactory, Veracode, SonarQube
-
Knowledge of the specifics of Kubernetes and Openshift
-
Knowledge of one of the main cybersecurity standards (NIST, CobIT, ISO, etc.)
-
Knowledge of one of the main cyber regulatory frameworks for financial institutions (PCI, OSFI, FFIEC, NYDFS, etc.)
-
Knowledge of one of the main regulatory frameworks surrounding the protection of personal information (Law 25, PIPEDA, GDPR, GLBA, etc.)
-
Team spirit, interpersonal skills, good communication and customer service orientation;
-
Ability to popularize risk and make presentations to different audiences (technical, professional, etc.).