Mandate description:
- Working on third party risk management framework and third party risk assessment under the Cyber Supply Chain risk management functional experts team (CGRC)
- Support to legal contract negotiation and review - Security sets of specific obligations
- Review and assess Security attestations from third party - ISO 27001 certificate, SOC 2 Type2, or other industry attestation/certification that they might have
- Follow-up on Issues remediation and assessment of security compensatory controls
Contact us : Jessica Tanguay
Advantages
Location: Montreal, QC (2020), Toronto, ON, Saint-Hyacinthe, QC (Depending on the consultant's location, he or she will have to come into the office 2x a week.)
Start Date: 2024-02-05
End Date: 2024-08-02
Languages spoken and written: English only or Bilingual - 80% of the contract is in English (very important).
Level of experience: Senior
Years of experience: 10 +
Criminal and Credit background check (Randstad)
Laptop provided
Responsibilities
What you'll do :
- Act as an expert to continuously identify, monitor and respond to applicable Third-party risk management framework requirements.
- Develop, implement, and enhance programs that monitor, measure, analyze and report on Third party risk exposures across all business areas and compare against the organization risk appetite.
- Act as a subject matter expert in various Third-Party risk management governance by providing security expertise, facilitating collaboration, and performing Third-Party Risk Assessment for acquisition that hold existing and new contracts with Intact.
- Being an active part of Third-party risk management functional experts’ team and support the CGRC, Cyber Governance, Risk and Compliance teams to ensure synergy and momentum among teams internally.
- Act as an expert to continuously maintain by verifying the security key controls and Industries best practices when assessing Third Parties.
- Act as a subject matter expert working in major innovative projects and with Third-party where Third Party risk assessment and security key control need to be assessed.
- By working independently, conduct various Third-Party risk assessments for circumstances, events or risk scenarios that can potentially impact Intact security posture and/or risk profile.
- Creating and delivering comprehensive risk reports to provide detailed insights of the current state of the organization’s Third-Party Cyber associated risks landscape.
- Act as an expert in Cybersecurity Third Party Risk management for the development of TPRM modules and content within a GRC platform.
- Act as an expert to support the Information security functions to identify, develop, measure, maintain and report on KRIs.
- Remain vigilant to evolving industry cybersecurity solutions and services to ensure constant protection against ongoing and emerging threats.
Qualifications
Minimum requirements:
Bachelor’s degree in information security and/or technologies, or equivalent education and experience
10+ years of relevant work experience in Information Technology and 8+ years of relevant work experience in cyber security frameworks such as those published by guiding organizations (NIST, SANS, ISO etc.). Ability to translate framework to practical advice and assessment.
Knowledge of prevalent industry standards (ISO 27001/27002, SOC 2, SOC 1, NIST, CIS, COBIT)
Strong knowledge of information security management principles and practices. Preference will be given to those candidates who have a strong background in Cloud related technologies and Cyber Governance and Risk experience.
Strong ethical principles and understanding of business and information security ethics.
Good knowledge of common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA).
Technical designations such as CISSP, CRISC, CISA preferred.
Good mix of business and technical capabilities, and the ability to communicate on current cyber risk issues to management within the context of their business.
Clear and articulate written and verbal communication skills.
Ability to develop and manage relationships, good facilitation, and delivery skills.
The ability to work on several projects, meet deadlines and manage stakeholder expectations.
A demonstrated commitment to valuing differences, developing, diverse stakeholders.
These certifications would be desirable: CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP
Excellent oral and written communication skills (English and French preferred).
Experience with the implementation and knowledge of GRC platforms will be considered an asset.
Summary
Contact us : Jessica Tanguay
Thanks :)
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applicants please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.