Security Analyst - Consulting services for delivery teams

Direction : Consulting services for delivery teams

We are looking for a dynamic analyst to join our security team.  You will be working as part of a security team that accompanies IT projects.  A typical day will have you scrumming with your security team in the morning, then going off individually into the IT sector to evaluate the security requirements and risks.  Although you will work independently identifying the risks of your assigned projects, you will be supported and actively part of your security team. 

Specifically:

• Participates in project planning sessions to identify the security roadmap within the project;
• Identifies security requirements and potential risks according to the project context ensuring alignment to the iA security framework;
• Identifies and categorizes information assets in line with the organizational risk tolerance; 
• Identifies and evaluates risk scenarios to mitigate residual risks to support the line of business;
• Presents residual risks to the asset owner and collaborates in defining the action plan;
• Provides guidance on information security best practices while supporting IT teams; 
• Provides pragmatic professional opinions and recommendations, all in accordance with established standards, rules and guidelines;

Candidate Profile:

• Has strong communication, time management, report writing, investigation, and presentation skills;
• Has strong problem solving, organizational and analytical skills, with the ability to articulate complex concepts in a clear and concise manner;
• Has experience with information security technologies; 
• Is familiar with security concepts such as encryption, logging, monitoring, access management, cloud computing, etc;
•  Appreciates and promotes customer/user contact; 
•  Demonstrates curiosity, autonomy, rigor and a good sense of synthesis; 
•  Is able to maintain a healthy working relationship with stakeholders from various sectors and of varying hierarchical levels;
•   Understands the IT project development lifecycle: requirements, analysis, planning, design, development and release;
•  Is knowledgeable of regulatory requirements, standards (NIST, ISO 27001, etc.) and best practices in information security; 
•  Is knowledgeable of Lean/Agile principles and the ability to apply them in a team environment an asset;
• Is knowledgeable of the insurance and financial services industry an asset;

Education and Experience

• A minimum of 4 years of relevant work experience in cybersecurity controls and risk management;
• An Undergraduate (or higher) degree in Information Security Management, Risk Management, Computer Science or Engineering or equivalent;
• An industry-recognized cybersecurity relevant certification such as Certified Information Systems Security Professional (CISSP); Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA) an asset;

• Strong knowledge of cybersecurity frameworks, standards and guidelines such as ISO 27001,  NIST SP 800-30/34, NIST CSF, ISF CSF;