Company: GIRO
Location: Montreal, QC – Rosemont, ON
Expected salary:
Job date: Wed, 22 Jan 2025 02:13:31 GMT
Job description: A world leader in its field, GIRO is a software development company specializing in optimization. We leverage our collective intelligence to impact people’s lives by improving the efficiency of urban mobility. Our innovative software solutions and expert services in the fields of public transportation and postal operations are recognized around the world.

Working at GIRO means joining a Montreal-based force that stands out internationally for the quality and efficiency of its solutions.

Working at GIRO means having a role in the management and optimization of public transportation and postal companies in the world’s largest cities.

Looking for a new challenge? Want to develop in a healthy, stimulating and highly collaborative environment?

Come and lead the way forward.

As a Senior security, risk and compliance Advisor, you are a seasoned professional with industry-recognized expertise whose primary responsibility is to contribute to the implementation and improvement of GIRO’s security program.

Reporting directly to the Security Director (CSO), your responsibilities are as follows:
- Carry out and evolve the practice of security threat and risk assessment (TRA) with IT, software development, project and corporate services teams.
- Identify the security measures that form part of each stage of the SDLC and support software development teams in the design, application, awareness and documentation of internal controls.
- Contribute to the definition of the DevSecOps model and the choice of security automation tools in the SDLC.
- Design and develop security controls according to risks and contractual and legislative requirements.
- Evolve security policies, procedures, guides and other documentation to reflect the internal security control framework.
- Assist the Head of Security in the annual planning and execution of internal and external security audits, working closely with auditors to maintain security certifications.
- Monitor the risk management plan.
- Assist the Head of Security in drawing up the roadmap and carrying out security projects.
- Collaborate in defining and monitoring metrics for the security program.

Skills required
- Able to work under general direction and supervision that values autonomy and initiative.
- Able to use his/her knowledge in the various fields of information security to apply it to the business context and in consideration of GIRO’s culture.
- Excellent listening skills and understanding of business needs.
- Ability to plan and prioritize activities according to risk level and business strategies.
- Rigorous in his analysis and follow-up, and innovative in identifying security measures (internal controls).
- Excellent synthesis skills and is able to communicate ideas clearly in complex situations.
- Ability to use available information to measure the performance of safety processes.
- Able to make certain decisions according to his/her responsibilities and to qualify his/her judgment.
- Work closely with internal teams.

Qualifications
- A minimum of 6 years’ experience in a GRC security consultant role.
- University degree in a relevant discipline.
- CISA, CISM, CRISC or CISSP certification, or equivalent.
- Mastery of ISO27001, ISO27701 and SOC2 standards.
- Knowledge of security standards such as NIST CSF, NIST SSDF and OWASP DSOMM.
- Minimum experience as a developer (an asset) and good knowledge of software development security practices (SDLC, OWASP, DevSecOps)
- Experience in the use of GRC tools (e.g. KCM, Drata, Resolver or other).
- Advanced experience in the use of MS Office tools (Excel, PPT, Word, Planner/MS-Project, Teams)
- Oral and written bilingualism, French and English (the position requires fluency in English due to occasional interactions with English-speaking employees/customers/suppliers)

Additional Information

At GIRO, we welcome you to a highly collaborative environment where every effort will be made to promote your success during your integration period. You will quickly discover that the well-being and fulfillment of our employees are important to us. That is why we offer a range of benefits, including:
- Flexible working hours, including remote working options to promote a better work-life balance.
- Regular team recognition and team-building activities such as lunches, happy hours, dinner quizzes, office sports activities, family activities, sports challenges, etc.
- Advantageous transportation policy that may include reimbursement of the OPUS card.
- Free drinks (hot chocolate, coffee, tea, herbal tea, etc.) and fruit available at the office.
- Group RRSP + employer contribution of up to 5%*
- Group insurance customized to your needs.*
- An employee assistance program, telemedicine and mental health support.

*Applicable only to permanent employees

If you would like to know more, please send us your application and get in touch directly with our talent acquisition team! We look forward to meeting you!

In accordance with the normative and regulatory requirements to which GIRO subscribes, all positions, whether permanent, fixed-term or internship, must undergo a criminal background check. Positions involving access to financial data must undergo a credit check. Checks are carried out according to GIRO’s established procedures.

Conditions of employment: Candidates must have the right to work in the chosen country at the time a job is offered to them. It is the sole responsibility of the candidates applying for a job to obtain work permits, visas or any other authorizations required for the position.

The masculine pronoun is used solely to lighten the text.
GIRO – Senior security, risk and compliance advisor – Montreal, QC – Rosemont, ON
- Janser Bob
- March 8, 2025
- 5:15 pm