Careers - Open Positions - B Corp Certified

Location: Canada QC Type: Full Time

OPTEL. Responsible. Agile. Innovative.

OPTEL is a global company that develops transformative software, middleware and hardware solutions to secure and ensure supply chain compliance in major industry sectors such as pharmaceuticals and food, with the goal of reducing the effects of climate change and enabling sustainable living. If you are guided, as we are, by socio-eco-environmental values and want to participate in solving the biggest challenges facing our world today, here is how you can help:

SUMMARY

The primary mandate of the Information Security Governance Specialist is to define, design and maintain the governance, risk evolution and security architecture.

RESPONSIBILITIES

The primary responsibilities of the Information Security Governance Specialist are to:

Implement internal guidance derived from internal policies and best practices;
Ensure compliance with standards such as SOC2 and ISO-27001 with internal teams;
Produce activity reports and recommend orientations and action plans in information security to the Director;
Ensure the integration of provisions guaranteeing the respect of information security and legal requirements in our service and contract agreements;
Advise and support management, analyze and evaluate the scope of decisions and orientations to achieve objectives aimed at minimizing security risks while improving OPTEL's information security maturity level and performance;
Assist asset owners in the categorization of information assets under their responsibility and in conducting risk analyses;
Develop and implement the information security training and awareness plan.
Notify the CIO's office of any changes that may affect the Information Security Authority Registry;
Document the security architecture of the solutions and that of OPTEL as a whole.
Ensure the coordination and execution of information security projects.

TASKS

Design, produce and validate deliverables to manage information security risks. In this capacity, he/she produces risk analyses, risk assessments, security advisories and treatment plans.
Design and update the security architecture in collaboration with other architects;
Carry out a roadmap to improve our level of maturity, particularly in the area of identity and access management.
Produce management indicators for risk management and security architecture;
Propose action plans and monitor their progress;
Ensure that actions support the organization's information security risk management strategies and objectives in compliance with legal obligations and standards or regulations applicable to the organization.
Collaborate in the design and evaluation of policies, processes and standards forming the information security governance framework.
Produce communications, training and facilitate workshops in his/her field of expertise.
Assist information security stakeholders in the exercise of their responsibilities, particularly with respect to risk management, information categorization, recovery plans and the implementation of security measures.
Advise on risk management strategy;
Participate in opportunity studies or other activities of the organization;
Perform any other related duties.

SKILLS AND QUALIFICATIONS REQUIRED

Undergraduate degree in an appropriate technology discipline;
Five (5) years of relevant experience in information technology
Bilingualism French/English
Knowledge of information security and information technology standards (ISO-270XX, NIST800-53, CIS, ITIL);
Knowledge of a risk analysis method (Mehari, Octave, Ebios, ISO-27005, NIST 800-30, etc)
Knowledge of the regulatory framework surrounding the protection of personal information and investigations in Canada and Europe:
- Private Sector Privacy Act;
- General Data Protection Regulation (GDPR);
Experience with Microsoft Azure and/or Google Cloud Platform;
Technical knowledge related to network infrastructures;

Assets

Experience working with Agile methodologies (Scrum, Kanban);
Experience with SOC2 certification;
Certifications or recognition that are an asset :
- Certified Information System Auditor (CISA);
- Certified Information Security Manager (CISM);
- Certified Information Systems Security Professional (CISSP);
- Certified in Risk and in Information Systems Control (CRISC);
- ISO 27001 Lead Implementer;
- ISO / IEC 27001 Lead Auditor;
- Any other relevant professional certification in information security or networking.
Knowledge and experience with a risk management and compliance (GRC) tool.

BENEFITS AND ADVANTAGES

Competitive compensation
Flex hours
Ability to work on site or remotely
On-site presence once every two weeks or as needed
Virtual health clinic and employee assistance program
Group and dental insurance from day one
Group RRSP and TFSA with employer contribution from day one
On-site amenities (free parking and power stations, free coffee and fruit)
50% reimbursement of the monthly RTC pass
Several committees in which you can get involved (B-Corp Committee, Social Club, SST)
Open, bright areas and ergonomic offices
Free English and French classes for those who wish to improve their level
Organization present on several continents
B-CORP certified company

See the offer on Jazzhr

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.