A world pioneer and Canadian leader in information security, OKIOK offers a full range of services and products, including secure data transfer, encryption and identity management. Its extensive offer includes consulting services, outsourced safety management services, customized solutions and training. Among the only ones in Quebec to make research and development its cornerstone, it remains at the forefront of its sector thanks to the design of innovative solutions. With people of exceptional talent and ambition, we design innovative security solutions that reshape information security technologies and advise our client companies around the world. In a continuation of growth, OKIOK is recruiting new talent willing to join its team of professionals.
Main responsibilities :
Reporting to the Director of Professional Services, the Senior advisor in IT Security Risk Management has more than 5 years of relevant and recent experience. He acts as a cybersecurity expert on major mandates. He accomplishes his duties by, among other things, implementing tools and/or methods to ensure the maintenance and sound management of this specialization among the company's clients.
In addition to having general expertise in information security and carrying out corporate activities expected for this type of position, the consultant excels in the field of risk management.
1. Provide consulting services in IT security areas where it has specific expertise
- Coordinate and participate in the conduct of safety audits;
- Identify IT security solutions and their impacts, based on business needs;
- Implement effective protection mechanisms adapted to customer needs;
- Develop/implement security management policies, standards and processes;
- Supervise ("coach"), if necessary, the targeted stakeholders to ensure the transfer of the required technical knowledge;
- Review the content and format of all documentation submitted by a team member to ensure compliance with standards, relevant specifications and required quality ("Peer Review").
2. Support professional service management processes
- Establish, if necessary, a profile of the advisor positions to be filled;
- If necessary, conduct interviews with potential candidates for the positions to be filled;
- Participate in the preparation of service offers;
- Participate in activities related to the reception and orientation of new advisors;
- Participate in activities related to the definition of the professional services offered or to be offered by the company;
- Supervise, as required, technical resources to transfer and/or upgrade the knowledge required to meet performance expectations;
- Accompany, if necessary, the resources assigned to business development and/or other relevant internal stakeholders to support them during their interviews with clients.
3. Carry out training activities
The incumbent may, from time to time, be required to participate or conduct training activities in his/her field of expertise. In such cases, the following activities can be carried out by the advisor:
- Accompany, if necessary, the resources assigned to business development and/or other relevant internal stakeholders to support them during their interviews with clients;
- Prepare the documentation and teaching materials required to run or have run the training programmes/actions;
- Facilitate internal and external training programs/actions;
- Make any necessary changes to training programs/activities.
4. Act as an expert in IT security risk management
In addition to his general duties expected of a senior consultant, the consultant has superior expertise in enterprise IT security risk management and more specifically in the following activities and areas:
- Act as an expert in the implementation of an enterprise IT risk management methodology;
- Act as an expert in the classification of information assets;
- Identify and understand the IT security needs of clients and define the security controls that meet these needs;
- Determine the extent of impairment and the criticality of the assets;
- Participate in the deployment of security controls that meet IT security needs and requirements;
- Monitor and evaluate the performance of security controls;
- Lead and supervise the creation, adoption and maintenance of a risk management framework;
- Develop reporting processes, tools and systems;
- Participate in the creation and implementation of standards, policies and procedures;
- Recommend improvements to the organization's risk management system and standards, policies and procedures;
- Advise on best practices in cloud computing security (SaaS, PaaS, IaaS).
5. Support the Advanced Solutions and Products Department in its implementation of solutions
- Practical expertise in at least two areas of information security (CBK) including that of your specialty;
- Excellent knowledge in several areas of information security (CBK);
- Excellent knowledge of the security of cloud environments;
- Excellent knowledge of Web technologies;
- Excellent knowledge of Microsoft, Linux or Unix systems;
- Excellent knowledge of secure data transfer;
- Good knowledge of various recognized risk management methods (e.g. Octave, Méhari, Callio, etc.);
- Good knowledge of the ISO27005 standard: Risk management in information security.
- University undergraduate degree with specialization in telecommunications, computer science or equivalent;
- At least 5 years of recent experience in his specialty;
- CISSP, CISA or CISM certifications;
- Ability to interact with representatives from different backgrounds;
- Excellent organizational skills, analytical and summarizing skills;
- Ability to make quick decisions in a changing environment and to be innovative;
- Ability to write documents in a clear and structured manner;
- Ability to work in a team and act as a coach;
- Bilingualism in French and English, spoken and written.
Further information :
- Permanent full-time position;
- The advisor will work directly with our client(s) in the Greater Montreal area;
- Group insurance;
- Cell phone charges paid;
- Paid training and/or certification(s) related to the position;
- Competitive annual salary;
- Annual bonus.