PUBLIC CLOUD SECURITY ANALYST - Jobs in Montréal, QC

Job Description

A propos de TalanTalan Canada is growing and looking to strengthen its team with a Public Cloud Security Analyst for the Montreal office, who will be interested in working with clients from multiple industries.Talan is a consulting firm specializing in digital innovation and transformation. For over 20 years, Talan has been advising, supporting, and implementing transformation projects for businesses and public authorities, in France and abroad. With operations on five continents and nearly 4,000 consultants, the group anticipates profits of 400 million euros in 2021, and expects a turnover of 1 billion euros by 2024. The group places innovation at the heart of its development strategy and is involved in areas of technological change affecting major corporations, such as Big Data, the Internet of Things, Blockchain, and Artificial Intelligence.

• Perform detailed cloud architectural and cloud infrastructure reviews including reviewing cloud configuration vs best practices and/or standards (e.g. CIS).
• Perform in depth technical reviews from an application security perspective, typically involving Cloud Providers using a standard methodology such as OWASP.
• Leverage industry frameworks such as CCM, NIST etc to ensure a robust cloud framework.
• Help develop and build a framework to ensure a repeatable cloud review process.
• Assist in Vendor risk assessment reviews, in particular 4th party cloud reviews however also review AWS and Azure Third Party risks including completion of due diligence tasks and risk assessments.
• Highly collaborative position required to gather stakeholder input to ensure reviews reach a consensus – including Internal Audit, 2LOD, Global teams (mainly in Paris and / or Bangalore).
• Perform ad hoc analyses and participate in special projects as needed by management.

• 7+ years demonstrable experience in a role performing technical analysis with an Information Security component ideally with a focus on Application Security Risks (ideally OWASP) experience with a focus on Cloud Providers.
• 5+ years experience with knowledge of configuration and networking from a Public Cloud perspective with hands on experience of AWS, MS Azure or Google cloud.
• Experience with Third Party Risk Management is preferred but not required – in particular cloud providers using IaaS, PaaS or SaaS and ideally in AWS, Azure or GCP
• Experience with compliance frameworks and applicability to cloud for example CCM, NIST, FFIEC, NY DFS.
• Experience with technical architecture in cloud - CIS or other benchmark and configuration preferred.
• Direct experience performing information security risk assessments Cloud applications and Cloud architectures.
• Experience of vendors risk assessments – particularly CSPs such as Azure of AWS. Interpret, identify, and mitigate critical risks factors in a timely manner. Track measure, report, and evaluate vendor performance using a risk-based approach.
• Requires strong analytical skills, problem solving skills, and project/program management skills.
• Solid training in computer disciplines such as application and data security, computer technology or software disciplines.
• Demonstrated ability to perform Vendor Risk assessments through on-site visits and reviewing SSAE18s.
• Solid understanding of the banking industry’s regulatory requirements for managing third parties (e.g., FFIEC).
• Experience working with legal or sourcing as part of contract design to include key provisions for Vendor Risk Management.
• Excellent written and verbal communication skills.
• Proven ability to manage issues through to resolution skilled at making judgment calls.
• Ability to successfully multitask and complete difficult assignments with deadlines which may have short lead times.

Education

• Bachelors degree or equivalent business experience in Computer Science, Business Management, or MS required.
• Certified training in transversal technical topics, security management, risk and compliance solutions and practices.
• CISSP, CCSP, CISA, CISM, GSEC, CRISC, or related certification(s) preferred.
• AWS or Azure or GCP certification.

Quick Apply

• Terms & Conditions
• New Privacy
• Privacy Center
• Accessibility

For Job Seekers

• Browse Jobs
• Advanced Job Search
• Emplois Quebec

For Employers

• Post a Job

Stay Connected