Cybersecurity Analyst

Partenaire technologique des grandes entreprises depuis 1979, le Groupe SII est au cœur de l'économie de l'innovation avec 16 000 collaborateurs, une présence internationale dans 20 pays, et un chiffre d’affaires supérieur à 1.621 milliards de dollars canadiens. 

SII Canada offre à ses clients une expertise technique avancée dans les domaines du développement applicatif, Web et Mobile, de la Cybersécurité et du Cloud. Nous intervenons également en Ingénierie, particulièrement sur les systèmes embarqués dans divers secteurs industriels. Notre ambition : faire évoluer les systèmes d’information et contribuer à la création des produits et services de demain pour nos clients.

En tant qu’entreprise de consultation en TI basée au Québec, SII Canada opère dans un environnement mondial où l’anglais est essentiel. Cette offre d’emploi est publiée en anglais pour souligner l’importance de cette langue dans nos opérations quotidiennes. Nous restons dédiés à la promotion et au respect de la langue française au sein de notre entreprise.

Missions:
About the job: 

As a division of the Global Chief Operating Office (GCOO), the Global Technology Services (GTS) department supports the IT infrastructure services. GTS’ mission is to provide the group’s business divisions with secured infrastructures. This includes, but is not limited to, hosting business applications, offering cloud solutions, and managing connectivity and digital workplace requests, all while contributing to the group’s digital transformation efforts.

The Application Security Analyst leads technical Information Security assessments with a strong focus on application security, in particular cloud security principles. The position is hands-on and requires a solid knowledge of technical application security principles and ideally cloud security concepts. The role also involves analyzing entity level risk of Third Parties.

Technical Stack

CISSP| CCSP| CISA| CTPRA| 

What will be your day-to-day?

The Application Security Analyst is a part of the Cyber Threat Defense (CTD) Team, which is responsible for managing security posture in the dynamic cybersecurity and cloud security threat environment. As such this function must be proactive with regard to changes in threats, environment and industry trends, as well as respond to known issues and incidents. The position is responsible for identifying and tracking risks related to the bank’s vendors and external partners which would include major Cloud Providers, for example Microsoft Azure and Amazon Web Services (AWS).

The ideal candidate is proactive and has a successful track record executing Information Security assessments, ideally of Third Parties or of Cloud Providers. More specifically, this position must understand the holistic footprint of a vendor in terms of risks across multiple value chains to assess the impact on cyber resilience. This position is transversal and requires strong collaboration across the organization regionally in the Americas (e.g., with the 2nd Line of Defense, Application Security Engineering, IT Risk Management).

 
Profile:
Essential job functions: 

  • Perform application security reviews, typically involving Cloud Providers using a standard methodology such as OWASP
  • Perform information security risk assessments for new vendors and critical vendors. Interpret, identify, and mitigate critical risks factors in a timely manner. Track measure, report, and evaluate vendor performance using a risk-based approach
  • Perform ad hoc analyses and participate in special projects as needed by management

Education/certifications knowledge and experience:

  • 5+ years demonstrable experience in a role performing technical analysis with an Information Security component ideally with a focus on Application Security Risks (ideally OWASP) experience with a particular focus on Cloud Providers
  • 5+ years' experience with technical security concepts such as networking, LINUX/UNIX,
  • Windows or CITRIX. Ideally with knowledge of networking from a Public Cloud perspective with hands on experience of AWS, MS Azure or Google cloud
  • Strong understanding of the Shared Assessment methodology
  • Solid understanding of security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) preferred
  • Requires strong analytical skills, problem solving skills, and project/program management skills
  • Solid training in computer disciplines such as application and data security, computer technology or software disciplines
  • Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s
  • Solid understanding of the banking industry’s regulatory requirements for managing third parties (e.g., FFIEC)
  • Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management
  • Excellent written and verbal communication skills both French and English
  • Proven ability to manage issues through to resolution skilled at making judgment calls
  • Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times

 Education/certifications

  • Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required
  • Certified training in transversal technical topics, security management, risk and compliance solutions and practices
  • CISSP, CCSP, CISA, CTPRA, or related certification(s) preferred

Langage:

  • English
  • French (asset)  

Partagez
cette annonce

LinkedIn sur LinkedIn Email par Mail

Découvrez

Let’s Tech Together

+
Logo