
    9 jobs found for cism

      • Toronto, Ontario
      • Contract
      Our downtown Toronto client is looking for an experienced Network Analyst for an exciting 12-month project. Previous experience working with Ontario Public Sector or Broader Public Sector clients is mandatory.

      Mandatory Skills / Certification:
      • Minimum 5+ years of direct involvement in the architecture, design, construction and support of large, complex enterprise level Network / Security systems including firewalls, security appliances, multi-homed Internet, multi-vendor firewall appliances, network segments / segmentation
      • Minimum 5+ years of direct involvement in the architecture, design, construction and support of critical infrastructure Network / Security systems across Operational Technology and Industrial Controls Systems such as PLCs, various other SCADA devices, Power Control etc…
      • Minimum 4+ years experience with security appliances and configuration of Firewalls, intrusion detection and prevention, monitoring, containment and remediation across Operational Technology and Industrial Controls Systems
      • Experience with Change Management and Change Impact Analysis for Operational Technology and Industrial Controls Systems
      • One or more security industry certifications including but not limited to: CISSP, CISA, CISM, SANS certifications
      • Experience with core security technologies such as Security Information and Event Monitoring systems (SIEM), Web Application Firewall (WAF), Intrusion Detection and Prevention Systems (IDPS), Vulnerability Management, EndPoint Security, NGFWs, Log Management (centralized logging)
      • Experience with setting up policies for DLP, IPS, DDoS, SSL inspection etc. on
      • Toronto, Ontario
      • Permanent
      • $100,000 - $120,000 per year
      For immediate consideration, please send resume to Edwin.chang@randstad.ca

      We're looking for a Security Assurance and Advisory Lead to join our team in a permanent, full-time capacity. This role is 100% work at home.

      PURPOSE OF THE ROLE: The Assurance and Advisory Lead will execute, develop, and support the Manager of GRC with planned Corporate projects, focusing on identifying technology and business risks, compensating controls, and opportunities for improvement in internal controls.

      Responsibility Breakdown

      Internal Quality Control, Assurance & Advisory 40%
      - Manage and oversee risk and ensure quality control procedures are executed across the enterprise.
      - Perform security audits and risk assessments on new or existing solutions.
      - Manage domain of Advisory and Assurance services and continue to improve efficiencies.
      - Validate security controls Information Technology teams and vendors.
      - Identify, propose, and implement security methodologies and tools that simplify security testing and discovery activities.
      - Support business units in identifying improvement opportunities to manage risk and apply quality control throughout existing applications/systems, processes, and projects.
      - Identify and assess technology solutions and business risks, identifying internal controls to mitigate risks.
      - Provide subject matter expertise in selecting and tailoring existing risk management approaches, methodologies, and tools to support and secure services and products.

      Risk Management 30%
      - Assess projects and IT changes for compliance with security policies and regulatory landscape.
      - Identify areas of information security compliance vulnerability and risk within new and existing projects, processes, and technologies.
      - Perform strategic threat risk assessments, identifying key business risks and threats within projects, existing processes, leading communication, and reporting of identified risk and risk remediation plans.
      - Review and evaluate existing processes and projects to benchmark security compliance with industry standards.
      - Present and communicate risk status to senior management.
      - Continue the development and management for the TRA and advisory services program.

      Project & Team Management 15%
      - Identify scope and objectives of projects, gaining an understanding of the business, and managing resources needed to conduct risk identification, risk mitigation, and risk compliance assurance activities.
      - Support and facilitate practice development in information security assurance and advisory engagement activities, simultaneously overseeing and managing multiple projects.
      - Lead and manage outsourced commodity vendor and Third-Party Risk Management provider specific to the advisory and assurance function.

      Change Management 15%
      - Lead and drive change across the enterprise in implementing and improving existing risk management methodologies to ensure stakeholder buy-in and effective integration of risk management methodologies in business practice.
      - Integrate and align risk management methodologies to other organizational initiatives:
        o Identify and mitigate barriers to success.
        o Ensure risk management methodologies are adopted within existing processes and programs.
        o Identify change management needs in staffing, training, communications, and organizational designs.
        o Support and coordinate security training and awareness material that identifies and communicates information on security compliance trends to employees.

      Requirements:
      - 8+ years of direct experience in an information security risk management and compliance role and several years of experience within the healthcare sector.
      - The successful candidate has lots of experience working in the healthcare industry.
      - Expertise in evaluating security controls, conducting risk assessments (including third-party risk management).
      - Knowledge and interest in technology including topics such as operating systems, mobile technologies, software development, networking, and business applications.
      - Understanding of internal control frameworks including COBIT, ISO 27001, NIST, ITIL, etc.
      - Experience in the implementation of ISO 27001 standards and certification.
      - Knowledge of developing risk reports and control summaries.
      - Familiarity with the Internet of Things (IoT) devices, industrial control systems (ICS), and supervisory control and data acquisition (SCADA).
      - Architectural and network security experience.
      - Strong writing and interpersonal communication skills.
      - The ability to handle multiple projects simultaneously.
      - Exhibits intellectual curiosity and analytical thinking.
      - Bachelor’s degree or Diploma in IT, Business Technology Management, or any related technical field.
      - Designation (if applicable): One or more relevant security certifications (CISA, CISSP, CPA, CISM, CRISC, GSNA, GCCC)

      ADVANTAGES
      A chance to work with one of Canada's largest health industry, and alongside top leaders in the security world.
      • Montreal, Québec
      • Contract
      Contract CYBERSECURITY ANALYST
      BILINGUAL
      Needs to be able to be in Montreal office

      The Information Security Analyst will be responsible for evaluating application environments to ensure they are being designed and deployed in compliance with InfoSec standards, policies and US regulatory requirements. This includes following up on security assessments, partnering with Cyber security team and business owner for systems risk analysis, reporting security findings and recommending corrective actions for the relevant operational teams.

      ESSENTIAL DUTIES AND JOB RESPONSIBILITIES:
      The successful individual will leverage their proficiency in Application Security to:
      • Work with developers, architects, project leads/managers, business analysts, and others, in determining security requirements for projects and ensure that these requirements are met as part of the software development lifecycle.
      • Work alongside IT partners and act as the "go to" individual for all security questions, concerns, and guidance for a specific IT entity.
      • Partner with Cyber security team in developing and presenting training material on security-related topics, and develop application security-related development standards and controls alongside other governance and architecture teams.
      • Serve as a Subject Matter Expert (SME) in the field of application security for a specific IT entity.
      • Conduct dynamic & static code reviews.
      • Act to integrate application/software security tools within existing development processes.
      • Assist with the planning and execution of application penetration tests.
      • Identify and help resolve false positive findings in security assessment results.
      • Generate reports on assessment findings and help guide and track remediation tasks.
      • Assist with formulation and distribution of security metrics that demonstrate assessment coverage and remediation effectiveness.

      Profile
      The accomplished individual will possess:
      • Solid understanding of secure coding principles (OWASP Top 10)
      • 2-4 years experience with Application Security Tools like Qualys, IBM AppScan, WebInspect, Veracode, Checkmarx, etc.
      • Strong familiarity with widely used application development tools & languages (ex. .Net, JAVA, XCode, etc.)
      • Strong familiarity with data manipulation (SQL, Excel)
      • Strong critical thinking and problem solving skills, ability to prioritize work
      • Excellent written and oral communications skills
      • Ability to understand business needs and commitment to delivering high-quality, prompt, and efficient service to the business

      EDUCATION & EXPERIENCE REQUIREMENTS
      • BS in Computer Science, Information Security, or a related field
      • 2-4 years of past experience in information security, especially in an analyst role
      • Industry Certifications such as CISSP, CISM, CISA, CEH are considered a plus
      • Toronto, Ontario
      • Permanent
      • $100,000 - $120,000 per year
      We're looking for a Security Assurance and Advisory Lead to join our team in a permanent, full-time capacity. This role is 100% work at home.

      PURPOSE OF THE ROLE: The Assurance and Advisory Lead will execute, develop, and support the Manager of GRC with planned Corporate projects, focusing on identifying technology and business risks, compensating controls, and opportunities for improvement in internal controls.

      Responsibility Breakdown

      Internal Quality Control, Assurance & Advisory 40%
      - Manage and oversee risk and ensure quality control procedures are executed across the enterprise.
      - Perform security audits and risk assessments on new or existing solutions.
      - Manage domain of Advisory and Assurance services and continue to improve efficiencies.
      - Validate security controls Information Technology teams and vendors.
      - Identify, propose, and implement security methodologies and tools that simplify security testing and discovery activities.
      - Support business units in identifying improvement opportunities to manage risk and apply quality control throughout existing applications/systems, processes, and projects.
      - Identify and assess technology solutions and business risks, identifying internal controls to mitigate risks.
      - Provide subject matter expertise in selecting and tailoring existing risk management approaches, methodologies, and tools to support and secure services and products.

      Risk Management 30%
      - Assess projects and IT changes for compliance with security policies and regulatory landscape.
      - Identify areas of information security compliance vulnerability and risk within new and existing projects, processes, and technologies.
      - Perform strategic threat risk assessments, identifying key business risks and threats within projects, existing processes, leading communication, and reporting of identified risk and risk remediation plans.
      - Review and evaluate existing processes and projects to benchmark security compliance with industry standards.
      - Present and communicate risk status to senior management.
      - Continue the development and management for the TRA and advisory services program.

      Project & Team Management 15%
      - Identify scope and objectives of projects, gaining an understanding of the business, and managing resources needed to conduct risk identification, risk mitigation, and risk compliance assurance activities.
      - Support and facilitate practice development in information security assurance and advisory engagement activities, simultaneously overseeing and managing multiple projects.
      - Lead and manage outsourced commodity vendor and Third-Party Risk Management provider specific to the advisory and assurance function.

      Change Management 15%
      - Lead and drive change across the enterprise in implementing and improving existing risk management methodologies to ensure stakeholder buy-in and effective integration of risk management methodologies in business practice.
      - Integrate and align risk management methodologies to other organizational initiatives:
        o Identify and mitigate barriers to success.
        o Ensure risk management methodologies are adopted within existing processes and programs.
        o Identify change management needs in staffing, training, communications, and organizational designs.
        o Support and coordinate security training and awareness material that identifies and communicates information on security compliance trends to employees.

      Requirements:
      - 8+ years of direct experience in an information security risk management and compliance role and several years of experience within the healthcare sector.
      - The successful candidate has lots of experience working in the healthcare industry.
      - Expertise in evaluating security controls, conducting risk assessments (including third-party risk management).
      - Knowledge and interest in technology including topics such as operating systems, mobile technologies, software development, networking, and business applications.
      - Understanding of internal control frameworks including COBIT, ISO 27001, NIST, ITIL, etc.
      - Experience in the implementation of ISO 27001 standards and certification.
      - Knowledge of developing risk reports and control summaries.
      - Familiarity with the Internet of Things (IoT) devices, industrial control systems (ICS), and supervisory control and data acquisition (SCADA).
      - Architectural and network security experience.
      - Strong writing and interpersonal communication skills.
      - The ability to handle multiple projects simultaneously.
      - Exhibits intellectual curiosity and analytical thinking.
      - Bachelor’s degree or Diploma in IT, Business Technology Management, or any related technical field.
      - Designation (if applicable): One or more relevant security certifications (CISA, CISSP, CPA, CISM, CRISC, GSNA, GCCC)

      For immediate consideration, please send resume to Edwin.chang@randstad.ca

      ADVANTAGES
      A chance to work with one of Canada's largest health industry, and alongside top leaders in the security world.
      • Toronto, Ontario
      • Permanent
      Our client, located in Toronto, is looking for a Cyber Security Specialist to join them on a full-time, permanent basis.

      This role implements processes, systems or projects that contribute to the confidentiality, integrity, and availability of our client data, information technology and operational technology assets. S/he is responsible for identifying, implementing and maintaining security controls in accordance with our client’s policies and standards in addition to discreetly monitoring, detecting, and responding to cyber incidents.

      KEY RESPONSIBILITIES:
      - Identifies, develops, implements cyber security controls to support cyber security operations. Proactively identifies problems and opportunities for improvement of cyber security systems or processes, including architecture advancement, threat and risk migration, service level improvements, identity and access management improvements and customer demand management.
      - Provides cyber security services and solutions to support IT&S project delivery. As a SME, provide advice on tailored solutions for security controls, measures for project delivery, security awareness and training, security protocols, risks for a project from a security standpoint.
      - Troubleshoots and maintains IT assets (i.e. hardware, software, infrastructure like mobile devices, servers, computers, networks etc.) to improve reliability, response to incidents and issue resolution, life cycle management/refresh.
      - Identifies opportunities and improves productivity of cybersecurity services, which may include re-engineering current processes and finding automation and efficiency.
      - Researches and identifies industry trends (relative to scope of responsibility), leveraging best practices to improve and align cybersecurity services

      COMPETENCIES:
      - Post-secondary technical degree (e.g. Computer Engineering or Computer Science) or diploma with a suitable combination of education and experience may be considered
      - Relevant certifications (CISSP, CISA, CISM, GCIH, OCSP, CCIE-Security)
      - 5 years of experience in Cyber Security
      - Graduate degree (MBA, MSc, PhD) preferred
      - Extensive knowledge and expertise with the following technologies: Firewalls, DNS Firewalls, Web Application Firewalls (WAF), Secure Email Gateways, Intrusion Detection and Prevention Systems (IDS/IPS), Security Incident and Event Management Systems (SIEM), Threat Intelligence, Data Loss Prevention (DLP), Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR), Forensics
      - Demonstrated experience in management and improvement of IT security technologies and process, security architecture, and cyber incident response
      - Experience with NIST Cybersecurity Framework and Ontario Cybersecurity Framework
      - Utility Experience is an asset
      - Knowledge of Information Technology Infrastructure Library (ITIL)
      - Strong influencing and negotiating skills
      - Superior verbal and written communication skills; ability to effectively communicate ideas and influence change with people at all levels of the organization
      - Strong stakeholder engagement and project management skills
      - Strong problem-solving, decision-making and analytical skills
      - Strong organizational and time management skills, with the ability to multi-task and meet deadlines.
      - Strong strategic business focus and commitment to partnering with business units to enable them to meet their objectives.
      • Montreal, Québec
      • Permanent
      SUMMARY OF TASKS:
      The Cyber Security team plays a key role in defining, implementing and operating best in class solutions in order to protect the company’s crown jewels including IT infrastructure and applications, edge devices, networks and data in use internally. This dynamic team is responsible for the planning, implementation and management of our cybersecurity strategy that will secure the company’s IT assets in all manners.

      The Manager of Cybersecurity, under the supervision of the Director of Security & Compliance, will be responsible to sustain a supportive team-focused environment, which enables staff to develop and maintain sound operational practices. The candidate will be highly involved in defining our cybersecurity strategy, governance, and cyber risk management that leverage industry best practices. This manager will directly and metrically interact with a strong group of Leaders and specialists to help build the capabilities, to react swiftly and to contain cyber threats effectively.

      RESPONSIBILITIES:
      • Work with stakeholders to maintain and improve our security posture, including activities to define the right processes to help prevent, detect and react to cyber-attacks for all IT and digital assets. This includes activities such as awareness, vulnerability management, monitoring, incident response, reporting and standards, etc.;
      • Provide guidance required by staff and users in implementing stable technical solutions;
      • Recruit, train, mentor and coach team members in partnership with the Manager of the team, with an end goal of retaining a workforce of the highest quality for both the team and the company;
      • Allocate team resources and expertise required by both operational and project-based initiatives;
      • Create a positive working environment for the team, which inspires high productivity and cohesive teamwork;
      • Demonstrate commitment to performance management and staff development through annual performance reviews, career development and training plans for team members;
      • Manage the delivery of effective resolutions when concerns or performance issues arise from within the team, business and support areas;
      • Keep abreast of technologies for which this team is responsible;
      • Build and maintain effective relationships with users, peers, and vendors and service providers;
      • Lead and participate in projects within and across the IT division following the corporate project management methodology;
      • Be available for domestic and international travels.

      QUALIFICATIONS:
      • A Bachelor's Degree or Diploma in a relevant area of study with a preference for Computer Science or Computer Engineering;
      • Relevant professional Security Certification (e.g. CISSP, CISM);
      • Minimum of 8 years in Information Security in a manufacturing organization;
      • Experience in leading teams and large security programs in large organizations involving the implementation of security technologies including Carbon black, QRadar, Tenable, Cyberark, Symantec and others;
      • Strong technical knowledge on IT technology, security technology, security threats and trends;
      • Experience in Cloud infrastructure, Network, Operating systems, and secure software development lifecycle is a strong asset;
      • Knowledge around identity management, authentication is an asset;
      • Knowledge around data analytic platforms, specifically for information security use cases;
      • Demonstrated strengths in design, planning, organizing, and delegating;
      • Highly adaptable to operate in a rapidly changing environment;
      • A high degree of self-awareness and understanding of the impact on people;
      • Decision-making confidence;
      • Excellent interpersonal, verbal, and written communication skills;
      • Strong presentation skills, being able to present technical material to various levels of audiences within the organization.

      Contact: jonathan.boucherit@randstad.ca
      • Toronto, Ontario
      • Contract
      Our Public Sector Client is looking for a Technology Architect (Salesforce) to work in the GTA for a 12 month contract period, to start.

      If you have the following experience:

      Technical Skills – 10+ years of experience with:
      · 8+ years of Salesforce.com (SFDC) systems implementation experience in architecting on multiple Salesforce Clouds with an in-depth understanding of Sales, Service, Community, Marketing and most importantly, Health Clouds
      · 3+ years of experience architecting technical solutions on the Salesforce platform, including experience developing Salesforce customizations (APEX), integrations, etc.
      · Significant technical and/or business process consulting experience, or Enterprise Architecture experience
      · Experience in Salesforce with end-to-end implementation, a proven track record of successful delivery of projects, preferably enterprise CRM implementations for large corporations including data management and migration
      · Understanding of key SFDC architectural concepts and how they influence best practices
      · Practical experience in Development capacity using Visualforce, APEX programming, Lightning, Force.com, APIs, JavaScript, REST, web services and other web technologies
      · Proven experience integrating Salesforce.com with 3rd party solutions, knowledge of integration patterns and tools
      · Experience in public cloud environment and security (Azure, AWS, etc.)
        o Knowledge of IT security solutions (Security Information and Event Management, Cloud Access Security Broker, Data Leakage Prevention, Web Application Firewall, Multi Factor Authentication, Data Rights Management, etc.)
        o Knowledge of cloud security capabilities
        o Familiarity with industry standards, guidelines, and regulatory compliance requirements related to information security and cloud computing such as GDPR, ISO 27001, Cloud Security Alliance, NIST 800-53, PCI DSS, etc.
        o Ability to perform security research and document and communicate the findings of their research