Security Advisor

Under the responsibility of the Director of Information Security and within the Information and Value Management Group, you will contribute to improving the corporate security posture by participating in the implementation of appropriate technical and administrative controls, but also by enriching the risk management program. Depending on the needs, your expertise and your interest, you will be called upon to intervene in several aspects of the information security program, ranging from the definition of standards and policies to the development of security processes through the choice of measures to put in place, the deployment of these measures and the measurement of their effectiveness. In addition, you will ensure that security risks are identified, rigorously measured and will be able to propose and implement adequate mitigation measures. You will rely on a wealth of technological experience in order to play a security advisory role with technical stakeholders, with whom you will be called upon to work closely on a regular basis. Finally, you will be required to ensure the compliance of our suppliers, compliance with the requirements of our customers, etc.

Your role:

• We are looking for versatile people with strong aptitudes for some or more of the following activities:
• Maintain and develop a security reference framework including underlying security policies, procedures, standards and guidelines.
• Advise and support the security director in the implementation of the information security management program.
• Support an organization in compliance with various normative and regulatory frameworks specific to the field of information security.
• Identify, assess and manage information security risk mitigation.
• Act as a security advisor in the context of technological projects and write the relevant documentation.
• Develop, implement and optimize processes related to information security
• Participate in an information classification process and recommend appropriate protective measures.
• Measure the effectiveness of control measures objectively and meaningfully.
• Perform administrative and technical audits
• Develop and implement the information security awareness program for staff members
• Follow up on the observations and recommendations of the various audits (customers, compliance, etc.) in terms of information security
• Participate in contract reviews
• Supervise the verification of our suppliers.

What we are looking for
Technical skills:

• Good knowledge of trends and developments in the field of security.
• Knowledge of the various applicable normative and regulatory frameworks (GDPR, law 25, etc.).
• Excellent knowledge of ISO 27000 family standards, SOC and NIST repository
• Practical experience with at least one of the main risk management methods
• Practical experience in implementing an information security program

Skills required:

• Demonstrate versatility and leadership to perform different activities at different levels (strategic and tactical).
• Demonstrate autonomy in the conduct of its projects.
• Be clear and concise in your communications through different channels.
• Demonstrate critical thinking by expressing your opinion and giving constructive feedback.
• Make projections, share your vision in the short, medium and long term.
• Willingly share knowledge and seek to acquire new ones.

Requirements

• Relevant experience: 8 to 10 years of experience in an information security role.
• Language requirement: Bilingual (French and English);
• Education: Bachelor’s degree in computer science or a related discipline

Any combination of relevant education/experience will be considered.