MONTREAL [Hybrid] - GRC Cybersecurity Analyst

About the Company :

As the founding entity of RAINBOW PARTNERS, Quanteam is a consulting firm specializing in Banking, Finance, and Financial Services.

Guided by our core values of closeness, teamwork, diversity, and excellence, our team of 1,000 expert consultants, representing 35 different nationalities, collaborates across 10 international offices : Paris, Lyon, New York, Montreal, London, Brussels, Geneva, Lisbon, Porto and Casablanca.

We are looking for a Cybersecurity Analyst to work with one of our clients, an international bank based in Montreal.

Job Overview

The position aims to enhance the security framework of the organization by conducting thorough security assessments, managing vendor relationships, and mitigating risks across applications and cloud environments.

The ideal candidate should possess strong technical skills, experience in information security, and a proactive approach to managing security risks.

Key Responsibilities

• Perform security reviews for applications, particularly those hosted by cloud providers, following frameworks such as OWASP.
• Assess and manage security risks for new and critical vendors, ensuring prompt identification and mitigation of key risk factors.
• Apply a risk-based approach to measure, report, and evaluate vendor performance effectively.
• Conduct ad hoc security analyses as required to support management’s decision-making processes.
• Participate in special security projects, providing expertise to enhance overall security posture.

Skills and Qualifications

Technical Expertise

• Application Security : Minimum of 5 years in technical roles focused on information security, with strong experience in application security and cloud environments (OWASP knowledge is ideal).
• Experienced with GRC (Governance Risk & Compliance) & TPRM (Third Party Risk Management)
• Cloud Technologies : Proficiency in AWS, MS Azure, or Google Cloud, with a strong understanding of public cloud networking.
• Security Tools : Familiarity with security tools such as vulnerability scanners, firewalls, IDS / IPS, and antivirus software.
• IT Platforms : Strong background in networking, LINUX / UNIX, Windows or Citrix environments.

Analytical and Problem-Solving Skills

• Demonstrated analytical and problem-solving abilities, particularly in security risk identification and mitigation.
• Effective project and program management skills, with an ability to handle complex security assessments and deliver results under tight deadlines.

Vendor Risk Management

• Experience in conducting vendor risk assessments, including on-site visits and reviewing compliance reports (e.g., SSAE18).
• Strong knowledge of third-party management regulations in the banking sector (e.g., FFIEC).

Communication and Collaboration

• Excellent written and verbal communication skills in English.
• Experience collaborating with legal and sourcing teams to develop contracts that incorporate vendor risk management provisions.

Education and Certifications

• Bachelor's degree in Computer Science, Business Management, or a related field, or equivalent professional experience.
• Certified training in security management, risk compliance, or related fields.
• Preferred certifications : CISSP, CCSP, CISA, CTPRA, or similar credentials.
11 hours ago