Public Cloud Security Analyst

Job ID
1005
Location
Montreal downtown
Role and Responsibilities
IT Unlock’s mission is to improve our clients' current IT condition. We are looking for a talented Public Cloud Security Analyst. This is a permanent position. The work is done remotely until further instruction from the government, and the candidate must live in Montreal. Great technologies and interesting challenges are waiting for you.


Missions

 
  • Perform detailed cloud architectural and cloud infrastructure reviews including reviewing cloud configuration vs best practices and/or standards (e.g. CIS).
  • Perform in depth technical reviews from an application security perspective, typically involving Cloud Providers using a standard methodology such as OWASP.
  • Leverage industry frameworks such as CCM, NIST, etc. to ensure a robust cloud framework.
  • Help develop and build a framework to ensure a repeatable cloud review process.
  • Assist in Vendor risk assessment reviews, in particular 4th party cloud reviews, and also review AWS and Azure Third Party risks, including completion of due diligence tasks and risk assessments.
  • Highly collaborative position required to gather stakeholder input to ensure reviews reach a consensus – including Internal Audit, 2LOD, Global teams (mainly in Paris and / or Bangalore).
  • Perform ad hoc analyses and participate in special projects as needed by management.
 

Profile

 
  • 7+ years of demonstrable experience in a role performing technical analysis with an Information Security component, ideally with a focus on Application Security Risks (ideally OWASP) and on Cloud Providers.
  • 5+ years of experience with knowledge of configuration and networking from a Public Cloud perspective, with hands-on experience of AWS, MS Azure or Google Cloud.
  • Experience with Third Party Risk Management is preferred but not required – in particular cloud providers using IaaS, PaaS or SaaS and ideally in AWS, Azure or GCP
  • Experience with compliance frameworks and applicability to cloud for example CCM, NIST, FFIEC, NY DFS.
  • Experience with technical architecture in cloud - CIS or other benchmark and configuration preferred.
  • Direct experience performing information security risk assessments of Cloud applications and Cloud architectures.
  • Experience with vendor risk assessments, particularly CSPs such as Azure or AWS. Interpret, identify, and mitigate critical risk factors in a timely manner. Track, measure, report, and evaluate vendor performance using a risk-based approach.
  • Requires strong analytical skills, problem solving skills, and project/program management skills.
  • Solid training in computer disciplines such as application and data security, computer technology or software disciplines.
  • Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s.
  • Solid understanding of the banking industry’s regulatory requirements for managing third parties (e.g., FFIEC).
  • Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management.
  • Excellent written and verbal communication skills.
  • Proven ability to manage issues through to resolution; skilled at making judgment calls.
  • Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times.

EDUCATION/CERTIFICATIONS

  • Bachelor's degree or equivalent business experience in Computer Science, Business Management, or MS required.
  • Certified training in transversal technical topics, security management, risk and compliance solutions and practices.
  • CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) preferred.
  • AWS or Azure or GCP certification.


Skillset
Required:
- 7+ years in analysis in Application Security Risks (ideally OWASP)
- 5+ years in configuration and networking from a Public Cloud (AWS, MS Azure or Google cloud)
- CCM
- NIST
- FFIEC
- NY DFS
- Security risk assessments of Cloud applications and Cloud architectures
- Vendor risk assessments – particularly CSPs such as Azure or AWS
- Vendor Risk assessments through on-site visits and reviewing SSAE18s
- Banking industry’s regulatory (FFIEC)
- English
- OK for permanent
- OK to live in Montreal

Assets:
- Third Party Risk Management (IaaS, PaaS or SaaS and ideally in AWS, Azure or GCP)
- Architecture in cloud - CIS or other benchmark and configuration
- CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s)
- AWS or Azure or GCP certification.
Number of positions
1
Work Experience
At least 7 years