Position Id
Montreal QC
Job Type
Full-Time Regular

Role Summary:
The Senior Information Security Advisor is responsible for providing security solutions and consulting services to new projects and initiatives, in compliance with the Information Security Policy and Technical Standards, and best industry practices.

Key Accountabilities:

  • Lead projects in formulating security requirements;
  • Select and advise on applicable security standards and appropriate security technology;
  • Assess the security of solutions and the detailed controls that projects implement;
  • Conduct Threat and Risk Assessments (TRAs) of technology systems that support business units’ operation;
  • Plan and execute application code reviews and security testing;
  • Apply techniques needed to verify compliance with technical standards;
  • Support the transition of projects from development to production;
  • Manage the records in the information security Risk Registry, by
    • Adding new risks as discovered,
    • Ensuring that risk owners and risk treatment options are identified,
    • Creating reports about trends in number of open/closed risks,
    • Following up on all action items associated with risks in the Risk Register and ensuring timely completion of all risk mitigation actions;
  • Provide leadership in planning and executing the transition of security services from the traditional Data Center model to cloud-based solutions;
  • Evaluate new security products and services and advise on their suitability and feasibility to meet requirements;
  • Interface with technology vendors to ensure that the organization acquires products and services that protect the confidentiality, integrity and availability of informational assets;
  • Act as the bridge between the Montreal business and technology clients and the Information Security Office.

Skills and Experience:

  • Must be fully fluent in both English and French;
  • University or College degree in Computer Science or IT Engineering with focus on information security;
  • Minimum 10 years of IT experience, of which minimum 7 years are in information security;
  • Previous hands-on experience with seven or more of the following security domains:
    • Security Policies and Standards
    • Security Risk Management
    • Identity and Access Management
    • Privilege Access Management (knowledge of CyberArk preferred)
    • Anti-Virus
    • Platform hardening (Windows, Unix)
    • Database hardening
    • Network and Web Application Firewalls
    • Application security
    • Secure code development practices
    • Remote access security / security tokens / Multi-factor authentication
    • Digital certificates
    • Vulnerability Management (network scans and patching)
    • Intrusion Detection and Intrusion Prevention (IDS, IPS)
    • Logging and Monitoring
    • Encryption solutions and Key Management
    • File and system integrity monitoring
    • Web content filtering
    • Email security (Gmail preferred)
    • Wi-Fi security
    • Mobile devices security
    • Security Incident Response
  • Knowledge of leading security standards, with a focus on NIST Cybersecurity Framework, ISO27001, ISO27002
  • CISSP, CCSP, CISA, CISM, ISO 27001, or similar certification is an asset.
  • Superior written and oral communication is required to describe technical concepts to both technical and non-technical audiences that may include staff from: project teams, project managers, engineering, architecture, IT operations, security, finance, third party vendors and others.
  • Strong business and technical acumen.
  • Ability to work with teams to achieve common goals and meet deadlines in a fast-paced environment.
  • Works well under pressure and time constraints and can prioritize competing priorities appropriately.
  • Can work independently with limited supervision and direction.
  • Can support the business lines when security questions or issues arise.

Nice to Have:

  • Knowledge of the Canadian Financial Markets
  • Experience with cloud-based technologies and services, including cloud security techniques.
  • Forensic Analysis.
  • Knowledge of security principles applicable to workload transitions from on-premises to cloud.
  • Demonstrated experience securing systems on public / hybrid cloud.
  • Experience with Cisco ACI
  • DevOps experience or training for AWS
