A world pioneer and Canadian leader in information security, OKIOK offers a full range of services and products, including secure data transfer, encryption and identity management. Its extensive offer includes consulting services, outsourced safety management services, customized solutions and training. Among the only ones in Quebec to make research and development its cornerstone, it remains at the forefront of its sector thanks to the design of innovative solutions. With people of exceptional talent and ambition, we design innovative security solutions that reshape information security technologies and advise our client companies around the world. In a continuation of growth, OKIOK is recruiting new talent willing to join its team of professionals.
Main responsibilities :
Reporting to the Director of Professional Services, the Senior Information Security Governance Advisor has more than 10 years of relevant and recent experience in information security, with a particular focus on governance and compliance with recognized information security standards. He acts as an information security expert on major mandates. He accomplishes his duties by, among other things, implementing tools and/or methods to ensure the maintenance and sound management of this specialization among the company's clients.
In addition to having general expertise in information security and carrying out corporate activities expected for this type of position, the consultant excels in the field of compliance with several recognized security standards such as PCI, GDPR, HIPPA, ISO2700x, SOX, etc.
1. Provide consulting services in IT security areas where it has specific expertise
- Provide consulting services in IT security areas where it has specific expertise
- Coordinate and participate in the conduct of safety audits;
- Identify IT security solutions and their impacts, based on business needs;
- Implement effective protection mechanisms adapted to customer needs;
- Develop/implement security management policies, standards and processes;
- Coach, if necessary, the targeted stakeholders to ensure the transfer of the required technical knowledge;
- Review the content and format of all documentation submitted by a team member to ensure compliance with standards, relevant specifications and required quality ("Peer Review").
2. Support professional service management processes
- Establish, if necessary, a profile of the advisor positions to be filled;
- If necessary, conduct interviews with potential candidates for the positions to be filled;
- Participate in the preparation of service offers;
- Participate in activities related to the reception and orientation of new advisors;
- Participate in activities related to the definition of the professional services offered or to be offered by the company;
- Supervise, as required, technical resources to transfer and/or upgrade the knowledge required to meet performance expectations;
- Accompany, if necessary, the resources assigned to business development and/or other relevant internal stakeholders to support them during their interviews with clients.
3. Carry out training activities
The incumbent may, from time to time, be required to participate or conduct training activities in his/her field of expertise. In such cases, the following activities can be carried out by the advisor:
- Accompany, if necessary, the resources assigned to business development and/or other relevant internal stakeholders to support them during their interviews with clients;
- Prepare the documentation and teaching materials required to run or have run the training programmes/actions;
- Facilitate internal and external training programs/actions;
- Make any necessary changes to training programs/activities.
4. Act as an expert in governance and compliance with information security standards
In addition to his general duties expected of a senior advisor, the advisor has superior expertise in governance and compliance with recognized corporate security standards (e. g. PCI, ISO27001, NERC). The senior advisor may be involved in one or more of the following activities:
- Develop, review and implement security policies;
- Assess the maturity of security controls and identify gaps;
- Support the implementation of initiatives (frameworks, security IT environments, etc.);
- Conduct maturity audit of information security controls (NIST or other);
- Carry out pre-certification audits;
- Advise and support the client(s) in his post-audit steps to maintain the expected level of compliance;
- Act as an expert in the implementation of adequate management of compliance with an information security standard;
- Define the strategic orientations of compliance projects;
- Implement and coordinate workshops with key stakeholders (strategy, issues and project governance);
- Conduct gap analyses to measure the level of compliance;
- Define the action plans necessary to achieve compliance;
- Manage compliance projects or specific interventions in support mode.
5. Support the Advanced Solutions and Products Department in its implementation of solutions
- Practical expertise in at least two areas of information security (CBK) including that of your specialty;
- Excellent knowledge in several areas of information security (CBK);
- Excellent knowledge of several security standards such as NIST 800-xx, PCI, CSA, C2M2, CoBIT x, GDPR, HIPPA, ISO2700x, SOX;
- Good knowledge of the security of cloud environments;
- Good knowledge of Web technologies;
- Good knowledge of Microsoft, Linux or Unix systems;
- Good knowledge of secure data transfer.
- University undergraduate degree with specialization in telecommunications, computer science or equivalent;
- At least 10 years of recent experience in his specialty;
- CISSP, CISA or CISM certifications;
- Ability to interact with representatives from different backgrounds;
- Excellent organizational skills, analytical and summarizing skills;
- Ability to make quick decisions in a changing environment and to be innovative;
- Ability to write documents in a clear and structured manner;
- Ability to work in a team and act as a coach;
- Bilingualism in French and English, spoken and written.
Further information :
- 3 permanent full-time positions to be filled as soon as possible;
- The advisor will be called upon to visit OKIOK's client(s) in the Greater Montreal area to work on various mandates/projects;
- Possibility of tele-work according to the nature of the mandate/project;
- Group insurance;
- Cell phone charges paid;
- Paid training(s) and/or certification(s) related to the position;
- Competitive annual salary;
- Annual bonus.
Julie Vincent, c.o. org.
Gestionnaire des ressources humaines
450 681-1681 poste 223