Our business partner is a service provider specializing in the development and delivery of real-time technology solutions for the commodities, capital and financial services markets. They are looking for a Risk Compliance and Security Officer who can support the organization in enhancing its cybersecurity by incorporating industry best practices, training its staff and implementing appropriate security technologies.

Responsibilities
- Assist in the management and implementation of the firm’s compliance and regulatory policies and procedures, and ensure compliance with applicable laws and regulations;
- Create a security control framework;
- Review current IT and Security policies and document missing policies;
- Assess our client's current maturity in terms of security and regulatory compliance and suggest a path to improve;
- Produce a roadmap for getting ISO27001 and SOC2 certification;
- Develop and maintain our client's security policies, procedures, standards and guidelines;
- Support Internal and External Audit activities;
- Track and report on any audit remediation activities;
- Monitor completion of corrective action plans for issues identified;
- Create/suggest personnel training (OWASP, IT, etc.);
- Manage regulatory and security audits, including providing responses and developing corrective action plans;
- Respond to client inquiries on compliance issues or documentation;
- Identify possible security threats for our managed service and create a remediation plan;
- Participate in incident response and post-mortems;
- Help maintain and operate dynamic scanning processes for our client's products and systems;
- Provide leadership for Security technology and processes that include intrusion detection, incident handling, processing, DLP, IAM and vulnerability assessments;
- Review current technology and information policies and practices for continued applicability and effectiveness with respect to security and governmental compliance;
- Continue the integration of security as a key component of the corporate culture;
- Provide support and guidance on governance, approaches, methods, and tools for new project implementation and/or new service acquisition to ensure that Security and Compliance policies and procedures are followed, updated, or newly developed as needed.
- Experience with Amazon Web Services, Google Cloud Platform, Docker and similar cloud technologies;
- European and American financial regulation;
- Security certifications (CISSP, etc.) will be considered, but are not required.
- As soon as possible;
- Bilingual (English and French);
- For at least 6 months full time (37.5 hours per week)
- Downtown Montreal.
Julie Vincent, c.o. org.
Human Resources Manager
450 681-1681 ext. 223