Information Security Governance Specialist

**OPTEL. Responsible. Agile. Innovative.**

OPTEL is a global company that develops transformative software, middleware and hardware solutions to secure and ensure supply chain compliance in major industry sectors such as pharmaceuticals and food, with the goal of reducing the effects of climate change and enabling sustainable living. If you are guided, as we are, by socio-eco-environmental values and want to participate in solving the biggest challenges facing our world today, here is how you can help:
**SUMMARY**

The primary mandate of the Information Security Governance Specialist is to define, design and maintain the governance, risk evolution and security architecture.

**RESPONSIBILITIES**

The primary responsibilities of the Information Security Governance Specialist are to:

- Implement internal guidance derived from internal policies and best practices;
- Ensure compliance with standards such as SOC2 and ISO-27001 with internal teams;
- Produce activity reports and recommend orientations and action plans in information security to the Director;
- Ensure the integration of provisions guaranteeing the respect of information security and legal requirements in our service and contract agreements;
- Advise and support management, analyze and evaluate the scope of decisions and orientations to achieve objectives aimed at minimizing security risks while improving OPTEL's information security maturity level and performance;
- Assist asset owners in the categorization of information assets under their responsibility and in conducting risk analyses;
- Develop and implement the information security training and awareness plan.
- Notify the CIO's office of any changes that may affect the Information Security Authority Registry;
- Document the security architecture of the solutions and that of OPTEL as a whole.
- Ensure the coordination and execution of information security projects.

**TASKS**
- Design, produce and validate deliverables to manage information security risks. In this capacity, he/she produces risk analyses, risk assessments, security advisories and treatment plans.
- Design and update the security architecture in collaboration with other architects;
- Carry out a roadmap to improve our level of maturity, particularly in the area of identity and access management.
- Produce management indicators for risk management and security architecture;
- Propose action plans and monitor their progress;
- Ensure that actions support the organization's information security risk management strategies and objectives in compliance with legal obligations and standards or regulations applicable to the organization.
- Collaborate in the design and evaluation of policies, processes and standards forming the information security governance framework.
- Produce communications, training and facilitate workshops in his/her field of expertise.
- Assist information security stakeholders in the exercise of their responsibilities, particularly with respect to risk management, information categorization, recovery plans and the implementation of security measures.
- Advise on risk management strategy;
- Participate in opportunity studies or other activities of the organization;
- Perform any other related duties.

**SKILLS AND QUALIFICATIONS REQUIRED**
- Undergraduate degree in an appropriate technology discipline;
- Five (5) years of relevant experience in information technology
- Bilingualism French/English
- Knowledge of information security and information technology standards (ISO-270XX, NIST800-53, CIS, ITIL);
- Knowledge of a risk analysis method (Mehari, Octave, Ebios, ISO-27005, NIST 800-30, etc)
- Knowledge of the regulatory framework surrounding the protection of personal information and investigations in Canada and Europe:

- Private Sector Privacy Act;
- General Data Protection Regulation (GDPR);
- Experience with Microsoft Azure and/or Google Cloud Platform;
- Technical knowledge related to network infrastructures;
**Assets**
- Experience working with Agile methodologies (Scrum, Kanban);
- Experience with SOC2 certification;
- Certifications or recognition that are an asset:

- Certified Information System Auditor (CISA);
- Certified Information Security Manager (CISM);
- Certified Information Systems Security Professional (CISSP);
- Certified in Risk and in Information Systems Control (CRISC);
- ISO 27001 Lead Implementer;
- ISO / IEC 27001 Lead Auditor;
- Any other relevant professional certification in information security or networking.
- Knowledge and experience with a risk management and compliance (GRC) tool.

**BENEFITS AND ADVANTAGES**
- Competitive compensation
- Flex hours
- Ability to work on site or remotely
- On-site presence once every two weeks or as needed
- Virtual health clinic and employee assistance program
- Group and dental insurance from day one
- Group RRSP and TFSA with employer contribution from day one
- On-site amenities (free parking and power stations, free coffee and fruit)
- 50%