Information Security & Control Analyst II

3-5 Years Experience

We are looking for an Information Security Analyst II to join our dynamic team. You will be responsible for advising and assisting our clients in managing risks related to information systems, implementing security processes, ensuring regulatory compliance, and protecting sensitive data.

Main Tasks And Responsibilities

• IT Risk Assessment and Management:
• Analyze and evaluate risks associated with clients' information systems, particularly risks related to sensitive data and cloud infrastructures.
• Propose strategies to minimize risks and enhance information system security.
• Conduct vulnerability assessments to identify weaknesses in existing systems.
• Assess the current IT environment to identify risks and areas for improvement.
• Participate in disaster recovery and business continuity planning.
• Security Operations Center (SOC) Management:
• Contribute to optimizing SOC processes to monitor and respond to security incidents in real time.
• Track alerts and incidents, conduct investigations to determine their origin and impact.
• Provide recommendations to improve security incident detection and response processes.
• Compliance and Standards Management:
• Assist clients in achieving compliance with applicable regulations (GDPR, Law 25, PCI-DSS, ISO 27001, etc.).
• Guide clients on best practices in governance, security, and compliance.
• Perform internal compliance audits and recommend corrective actions in case of non-compliance.
• Personal Data Protection:
• Help clients implement processes and tools to ensure data confidentiality and security in compliance with local and international laws (e.g., GDPR, PIPEDA, Law 25).
• Implement data privacy management strategies and advise on security measures such as encryption and anonymization.
• Incident and Crisis Management Consulting:
• Provide support in the event of major security incidents or data breaches by participating in analysis, response, and resolution.
• Assist in developing business continuity and incident management plans to minimize operational impact during crises.
• Security Training and Awareness:
• Design and deliver training sessions and workshops on IT risks, cybersecurity, compliance, and data protection.
• Raise awareness among clients' internal teams about risk management and information system security.
• Technology and Regulatory Monitoring:
• Stay up to date with the latest cybersecurity trends, emerging threats, and legislative changes related to privacy and data protection.
• Provide strategic recommendations to anticipate regulatory and technological developments.
• Reporting and Recommendations:
• Prepare detailed reports on risk assessments, compliance, security incidents, and remediation measures.
• Provide actionable recommendations to improve information system security and ensure process compliance.
  
  

Required Skills

• University degree in computer science, information security, risk management, or a related field.
• 3 to 5 years of experience in a similar role (cybersecurity consulting, IT risk management, compliance, data protection).
• Strong knowledge of security standards (ISO 27001, NIST, PCI-DSS) and data protection regulations (GDPR, Law 25).
• Experience with SOC tools, security incident management, and log analysis.
• Excellent oral and written communication skills in French and English.
• Security certifications (CISA, CompTIA, etc.) are a plus.
  
  

Skills: it security,compliance,vulnerability assessment,information security,it risk assessment,incident management,security training,it asset management,data protection,security operations center (soc),security standards,cybersecurity,data privacy management,risk management