Security Analyst - Advisory

Summary 

The Security Analyst in the Advisory Team is responsible for the service delivery in alignment with the cybersecurity assessment (CSA) methodology and processes. The Security Analyst will assist in the delivery process of mandates within a defined timeframe and respecting the allocated budget.

Duties and responsibilities

• Conduct cybersecurity assessments and technological security reviews and provide advice and consultation.
• Apply the methodology for cybersecurity assessment and follow the processes for service delivery defined by GoSecure.
• Assist clients in strategic risk management to help them manage risk to the desired level.
• Analyze client requirements and provide custom advice in alignment with GoSecure’s methodology, best practices, and industry standards.
• Analyze complex problems, develop, and deploy conceptual and creative solutions aligned with the GoSecure’s methodology and services.
• Provide guidance and support to clients in designing and implementing strategic and technological information security controls in alignment with the GoSecure’s methodology, best practices, and industry standards.
• Lead meetings, chair conference calls, action follow-ups, and proactively interact with clients to move projects forward to completion.
• Create professional reports for clients that detail assessment findings and remediation options.
• Prepare technical documentation within the Advisory Team, as required.
• Provide subject matter expertise as required.
• Share knowledge with the team members
• Contribute to the collaborative and stimulating work environment
• Work with multiple clients on a number of projects. 

Qualifications

• 3+ years of experience in a combination of risk management, compliance, information security and IS or IT jobs.
• Relevant experience with PCI DSS standard would be an asset
• Demonstrated ability to apply IS/IT-related knowledge and experience in solving complex cyber security problems.
• Bachelor’s degree in the field of Computer Science, Information Technology, Information Security, or related vocations and/or equivalent education/experience.
• Strong technical, analytical, interpersonal, communication and writing skills.
• Ability to work both independently and within a global team environment.
• Self-starter, quick-learner, and pro-active problem-solving skills.
• Effective organization, follow-up and time management skills.
• Demonstrated strength in working in a high change environment.
• Ability to develop and foster strong relationships with technology and business stakeholders.
• Effective team collaboration plus the ability to coach and mentor others.
• Strong personal characteristics as demonstrated by the following: achievement-oriented, self-controlled, self-confident, flexible, approachable, and dedicated.
• Bilingualism (French and English) is preferred.
• Industry standard certifications (CISSP, CISA, ISO 27001 Lead Implementer/Auditor, CISM, CRISC or CCSP) is a plus.
• Knowledge of Information Security risk practices, frameworks and how to report on them is a plus.
• Knowledge of Information Security Governance and Compliance frameworks is a plus.
• Knowledge of various industry standards and frameworks including ISO/IEC 27000 series, CIS, NIST Special Publications, Risk Management methodologies, and security evaluation methodologies is a plus.
• Previous experience in risk management is a plus.