
Alltech Consulting Services, Inc.: Cyber Security Testing

Alltech Consulting Services, Inc.

This is a Full-time position in Montreal-Est, QC posted May 27, 2021.

Position Overview

Job title: Cyber Assessment Program Specialist Technology Control Testing Specialist

Team Profile

The Cyber Assessment Program is a 1LOD function focused on assessing the company's cyber security posture through the lens of the CRI Cyber Profile (formerly FSSCC Profile). This program partners with various stakeholders to ensure that objectives of the assessment are met. As a result of the recent acquisition of ETRADE by the company, the Cyber Assessment Program is expanding assessment coverage to include ETRADE's cyber posture.

Primary Responsibilities

The role's responsibilities include:

- Conduct risk assessment using CRI Cyber Profile (formerly known as FSSCC Profile)
- Coordinate time-bound reviews with a number of stakeholders and escalate issues and concerns in a timely manner
- Establish timeline, coordinate working sessions, perform follow-ups, document findings, and collect evidence for controls
- Communicate and work with various levels of management to provide regular reporting on progress
- Build strong positive relationships with the ETRADE Information Security Risk community, Internal Audit, Operational Risk Department, and Risk Officers
- Deliver program specific communications to stakeholders on risk and control related matters, e.g. technology and information security governance forums
- Prepare documentation of identified risks and issues for reporting in centralized issue risk tracking applications

Experience

- Working knowledge of key Technology and Information Security concepts, e.g. data classification, protection, policies, governance, privacy, security assessment tools
- Understanding of the NIST principles and key concepts related to risk assessment, controls and testing
- Engages in process-based thinking to effectively obtain, analyze and interpret information, identify root causes of problems, and draw the appropriate conclusions
- Working knowledge of technology applications and infrastructure (e.g., server, network, platform desktop environment) and ability to identify and validate risk and controls
- Understanding of the relevant local technology risk regulations and the associated application to a financial services business

Desired Skills and Competencies

- Excellent written and verbal communication skills
- Experience with the CRI Cyber Profile or FFIEC Cyber Assessment Tool
- Good organizational skills, a high degree of attention to detail and ability to manage multiple priorities

Business/Product Knowledge

- Familiarity and experience with electronic trading platforms is a strong plus, but is not required

Education, Background Experience Required

- Education: Bachelor’s degree
- A minimum of 5 years of relevant risk experience from roles in any of the following:
  - Audit (internal or external)
  - Risk Officer
  - Information Security Officer
  - Technology Risk Governance
  - Risk Assessment (e.g., RCSA)
  - Control Testing (e.g., SOX)
  - Information Security / IT Security (e.g., Entitlements Management, Segregation of Duties, Threat Management, Penetration Testing, Strategy)
  - Regulatory (e.g., working as a financial services regulator or having experience dealing with regulators)
  - Technology Information Security Policy Procedures
  - Process/Risk/Control Frameworks, e.g., COBIT

Qualifications

Desired Certifications

Attainment of the following certifications is a strong plus, but not required:

- Certified Information Systems Auditor (CISA)
- Certified in Governance for Enterprise IT (CGEIT)
- Certified Internal Auditor
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Auditor