10 jobs found for cyber

As a SOAR security analyst-programmer, your mission is to collect automation needs from operational teams (Monitoring, Detection and Response), understand them, analyze them, and develop the appropriate modules in the orchestration system. SOAR. Main responsibilitieso Needs analysiso Linkage with stakeholders (Direct work with the various security teams)o Popularization of needs and requirements in terms of processes and toolso Continuous delivery developmento Automation of use cases and processesRequired profileA minimum of six years of relevant experienceBe familiar with the project and operational environmentBe resourceful, proactive, autonomous and think outside the boxGood interpersonal skills, knowing how to take the initiative to contact stakeholders to ensure a good understanding of needsAbility to analyze needsManage uncertainty and ambiguity in a constantly changing environment Specific knowledgeExperience with the Python language for building complex systemsUnderstanding of cyber defense concepts and the different teams involvedExperience in security analysisKnowledge of REST APIKnowledge of security tools and experience using security APIsKnowledge of IBM Resilient and QRadar tools or other SOAR and SIEM systems (an asset)Knowledge of advanced level English, both oral and writtenAdvantages____________________________________________________________________________________Responsibilities____________________________________________________________________________________Qualifications____________________________________________________________________________________Summary____________________________________________________________________________________

You will act as SME (Subject Matter Expert) of a critical security platform for the Bank within the cloud security team.You will be the security expert for the CASB platform in order to maintain and participate in the evolution of cloud security policies, and you will have to collaborate with the various security, IT and business experts of the company. Your job will consist of identifying the business needs of the security services related to the various Web / Cloud Application services, and ensuring the proper functioning and evolution of the CASB platform.More details about your role:• Study the security needs related to the different Cloud / Web Application service accesses. • Set up and maintain the various protection rules in the CASB.• Contribute to the mitigation and resolution of security incidents.• Perform assessments and research on threats, vulnerabilities and risks related to our multi-cloud SaaS cloud environment.• Develop integration and operationalization procedures.• Implementation of scripts to automate security controls.• Guide the various IT and security teams on best practices and governance strategy for SaaS Cloud security.• Support and Operationalize the CASB Platform• Keep abreast of current industry trends in security and impart knowledge and best practices to all levels of the organization.• Continuously update the service documentation.• Participate in the development of dashboards, reports and KPIs.• Creation and management of usage report / statistics of the various Cloud services.REQUIREMENTS• Bachelor's degree in computer engineering, or a related field. A minimum of 5 years of experience with technologies and experience with cloud solutions.• A minimum of 3 years of experience in the implementation and automation of tools and technologies related to security development operations.• In-depth knowledge of operational cybersecurity, data protection techniques and cloud security.• Knowledge of cloud technologies (SaaS and CSP: AWS, Azure, GCP); • Knowledge of CASB and CSPM solutions.• Knowledge of network, routing and DNS infrastructures • Definition and identification of various critical data: PCI, PII • With a Cloud Certification (Ex: AWS and / or Azure Solutions Architect) and other certifications related to security such as CISSP and SSCP is an advantage.• Experience in an operations development environment and in maintaining security in continuous integration and delivery pipelines.• Proficiency in the command line interface and / or at least one programming language, such as Python, PowerShell, Bash, C / C ++.• Design of Tables, alerts and reports via tools like PowerBI, Splunk is an asset.SKILLS• Team player and good communication skills.• Ability to easily present the project to different resources (Technical and non-technical).• Sense of leadership, responsibility and responsiveness.• Great professional ethics and pragmatic spirit.• Strong ability to offer solutions.• Good communication and risk communication skills • French / English bilingualism.Advantages_______________________________________________________________________________Responsibilities_______________________________________________________________________________Qualifications_______________________________________________________________________________Summary_______________________________________________________________________________

We're looking for a Manager of Governance, Risk, & Compliance (GRC) to join our team in a permanent full-time capacity.This role is 100% work at home. Our ideal candidate has experience with ISO 27001. The Governance, Risk and Compliance Manager will be an integral member and leader within the information security team, responsible for overseeing strategic initiatives. Core responsibilities include creating and leading projects that enhance the organization’s governance program, participate in themanagement of the organization’s technical risks and oversee the organization’s compliance with industry regulations. As a pivotal member of the Information Security team, this individual will work closely with the CISO as well as large stakeholders across the firmto discuss and enable a better understanding of large-scale cybersecurity issues.AdvantagesWorking with a team who is dedicated to creating the best security framework in the industryResponsibilitiesLeadership - Assist the CISO in creating long term security strategies, as well as roadmap various governancemodels- Oversee information security policies and ensure that they meet both internal and external requirementsof the industry- Identify information security issues/risks and design mitigation methods to appropriately handle them- Leverage technology to streamline process of managing GRC across the enterprise- Partner with other team’s across the organization to discuss pertinent GRC issues- Develop new policies and risk reports that are based on frameworks specified by the firm- Keep up with ongoing trends and changes within the GRC community, and make sure that the client is up to date with the latest relevant methods and practices- Work with management and executives to develop the business case and define the GRC strategic vision, objectives, roadmap, milestones and financial plans/budget.- Develop and oversee GRC program methodology, policies, procedures and tool-kits required.- Work collaboratively with business units and/or function head/leaders to:o Develop, update and/or align their policies, procedures, enterprise taxonomies, and other data-setsnecessaryo Participate and lead meetings with business stakeholders to understand operational businessprocesses, identify areas of opportunities and/or improvement through GRC transformation.o Capture and translate business requirements (operational, monitoring and reporting) to technicaland functional requirements.- Plan, prepare and review deliverables in various forms including written reports, presentations andmeeting discussions with both internal and external parties.Qualifications10 years of experience working with IT Governance, Risk and ControlsImplemented an ISO 27001 program- Achieved ISO 27001 certification for an organization- Developed or worked in security service-oriented framework/program- Strong experience working and managing a controls objective framework- Experience in leading or managing large complex transformation and capacity building projects.- Strong experience in governance, audit, risk, compliance, cyber, and policy management. SME in drafting policies, procedures, and RACI matrices- Experience managing compliance of policies- Experience with GRC/IRM technology solutions such as (e.g. RSA Archer, ServiceNow, MetricStream, Refinitiv, OpenPages, etc.).- Strong knowledge in project management and technology implementation methodologies and lifecycles.- Professional security management certifications are highly preferred (ie. CISSP, CRISC).- Understanding of the NIST and ISO framework as well as other associated cybersecurity standards.- Bachelor’s degree in a field related to one or more of the following fields: Governance, Cybersecurity, Privacy, Risk Management, Business- Designation (if applicable): One or more relevant security certifications (CISA, CISSP, CPA, CISM, CRISC, GSNA, GCCC)SummaryFor immediate consideration please send your resume to merin.george@randstad.ca with the subject title "Manager of Governance, Risk, Compliance "

Position title: Information Security Risk and Compliance AnalystPlease note, focus will be on Cyber Governance and Risk. Having worked with Cloud based technology will also be highly preferred.Mandate description: The ISM Risk and Compliance Analyst's main mandate is to identify, assess, and report on information security risks in accordance with company's risk management practices. Evaluate the risks and controls in place while following relevant frameworks and standards (e.g. ITIL, COBIT, NIST CSF, PCI DSS, ISO27001) and define remediation plan to mitigate the identified risks. Identify gaps in IT compliance control and supervise the documentation, implementation and tests for the entire IT compliance control portfolio.Level of experience:Intermediate Years of experience: 5+Must have requirement(s):​Bachelor's degree in Computer Science, Information Security or equivalent experience5+ years of relevant work experience in information security.Strong knowledge of information security risk management and compliance principles in some of the following Information Security areas: Security Architecture, Application Security, Cloud Security, Identity and Access Management, Network Security, Third Party Risk Management, Security Assessment and Testing, Security OperationsTechnologies required:​Security tooling / GRC Platform; Microsoft 365/Azure; Amazon Web ServicesOther requirements:​Excellent oral and written communication skillsStrong ethical principles and understanding of business and information security ethicsExperience working in the financial / insurance industry an assetCertification and/or experience:One or more of the following certifications would be a considerable asset:CISSP, CISA, CISM, CRISC, PCI-DSS QSAAdvantagesThis role will be remote and while the hiring manager is located in Vancouver, he has teams all across Canada in Montreal and Toronto and is happy to have this consultant work in either of the three locations. There will be 2 positions and maybe even a 3rd one needed.ResponsibilitiesMandate description: The ISM Risk and Compliance Analyst's main mandate is to:Identify, assess, and report on information security risks in accordance with company's risk management practices. Evaluate the risks and controls in place while following relevant frameworks and standards (e.g. ITIL, COBIT, NIST CSF, PCI DSS, ISO27001) and define remediation plan to mitigate the identified risks. Identify gaps in IT compliance control and supervise the documentation, implementation and tests for the entire IT compliance control portfolio.QualificationsLevel of experience:Intermediate Years of experience: 5+Must have requirement(s):​Bachelor's degree in Computer Science, Information Security or equivalent experience5+ years of relevant work experience in information security.Strong knowledge of information security risk management and compliance principles in some of the following Information Security areas: Security Architecture, Application Security, Cloud Security, Identity and Access Management, Network Security, Third Party Risk Management, Security Assessment and Testing, Security OperationsTechnologies required:​Security tooling / GRC Platform; Microsoft 365/Azure; Amazon Web ServicesOther requirements:​Excellent oral and written communication skillsStrong ethical principles and understanding of business and information security ethicsExperience working in the financial / insurance industry an assetCertification and/or experience:One or more of the following certifications would be a considerable asset:CISSP, CISA, CISM, CRISC, PCI-DSS QSASummaryMandate description: The ISM Risk and Compliance Analyst's main mandate is to:Identify, assess, and report on information security risks in accordance with company's risk management practices. Evaluate the risks and controls in place while following relevant frameworks and standards (e.g. ITIL, COBIT, NIST CSF, PCI DSS, ISO27001) and define remediation plan to mitigate the identified risks. Identify gaps in IT compliance control and supervise the documentation, implementation and tests for the entire IT compliance control portfolio.