Information Security (TPRM)

Job ID
891
Location
Downtown Montreal East
Role and Responsibilities
IT Unlock’s mission is to improve our client's current IT condition. We are looking for a talented Information Security (TPRM). This is permanent position. The work is done remotely until new instruction from the government and the candidate must live in Montreal. Beautiful technologies and nice challenge are waiting for you.

Missions

  • Maintain and monitor due diligence tasks for third-party vendors
  • Review vendor due diligence materials (i.e., SSAE 18 reports), identify potential issues, and follow up for unresolved issues
  • Track measure, report, and evaluate vendor performance
  • Perform information risk assessments for new vendors and critical vendors
  • Interpret, identify, and mitigate critical risks factors in a timely manner
  • Assist Department Heads and Managers with vendor selection process through information security risk review, completion of due diligence tasks and risk assessments
  • Troubleshoot all vendor problems and present to management as required
  • Provide status reports to senior management, auditors, and regulators
  • Research on industry/regulatory and cyber security issues
  • Up to date and continuing education of compliance related issues and value-added training
  • Perform ad hoc analyses and participate in special projects as needed by management
 

Profile

  • 3+ years experience in Information Security or ideally (but not preferred) Information Security Vendor Risk Management experience
  • Excellent communication skills and written communication skills
  • Proven ability to manage issues through to resolution skilled at making judgment calls
  • Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times
  • Proficient with and at least one GRC tool - Archer (preferred but not mandatory)
  • Solid understanding of common security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software) preferred
  • Requires strong analytical skills, problem solving skills, and project/program management skills
  • Solid training in computer disciplines such as application and data security, computer technology or software disciplines


PREFERRED EXPERIENCE

  • Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s
  • Solid understanding of the banking industry’s regulatory requirements for the managing of third parties (e.g., FFIEC)
  • Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management


EDUCATION/CERTIFICATIONS

  • Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required
  • Certified training in security management, risk and compliance solutions and practices
  • CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) preferred


Skillset
Required:
• 3+ years experience in Information Security
• Great communication skills
• GRC tool - Archer (preferred but not mandatory)
• Experience with security tools (e.g., vulnerability scanners, firewalls, IDS/IPS, AV software)
• Fluent in English

Assets:
• French
• Banking experience
• Certified training in security management, risk and compliance solutions and practices
• CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) preferred
Number of positions
1
Work Experience
At least 3 years
Salary
null
Apply on Job