Analyste Securite

Analyste Securite

  • Location


  • Sector:

    Security Specialist

  • Job Type:


  • Contact:

    Myldred Alphonse

  • Job Reference:


  • Published:

    about 2 years ago

  • Expiry date:


  • Start Date:


  • :


Targeted start date: 2/15/2019
Targeted end date: 12/31/2019
Position's country: Canada
Position's city: Montreal
Potential to convert to permanent?: No
Remote : No
Travel: No

Position title: Information Security Advisor - Senior

Profile needed:

10 years of I&T experience 5 years of Information Security Governance Certifications in ITIL, CISSP, CISM, CISA, desirable

1 Knowledge IT/OT convergence challenges and impact related to ICAM or Network Isolation.
2 Knowledge of railroad industry is also an asset.
3 Experience in working at a fast-pace corporate environment, adapting to changing priorities, understanding of business objectives and multi-tasking.
4 Great leadership skills, ability to influence and leverage network to strive consensus towards a target solution that will generate value for the company.
5 Excellent communication and presentation skills, both written and verbal, French and English.
6 Abilily to build collaborative relationships, work in a matrix environment and foster engagement, help team members grow and develop through coaching and constructive feedback.

Skill Set: ICAM security consultant

1 Strong and demonstrated experience in ICAM domain. Must have been involved in a similar position at least in 2 major projects where Identify, credential and access management was the primary scope.
2 Must be familiar with most recognized industry standard and security best practices such as NIST, SOX, PCI, ISO-2700x, etc.
3 Must be aware and up-to-date of the market trends in ICAM domain in addition to demonstrated knowledges of key ICAM processes : Identity lifecycle, Access and credential lifecycle, authentication, etc.
4 Strong and demonstrated experience in Identity Governance solution on the market. Example includes (but are not limited to) : ISIM, OIM, SailPoint IIQ, CA identity suite, Saviynt, etc. Saviynt will be considered as an asset.
5 Strong and demonstrated experience in Multi Factor Authentication solution on the market. Example includes (but are not limited to) : RSA, Gemalto, Symentec, SecureAuth IdP, etc. SecureAuth will be considered as an asset.​

The SPOT.IT program objective is to implement sustainable security controls to address the risks associated with Operational Technology (OT) systems being compromised accidentally or intentionally from internal and external sources leading to safety or operational incidents. The program is composed of more then 16 projects.

As an expert, the security consultant will contribute to design and implement state of the art security solutions required to mitigate CN’s cybersecurity risks. For those positions please note that technical skills will be considered as an asset but the focus will really be the functional side of cybersecurity. In addtition to security posture, retained candidates will have to consider end user experience as well as operation efficiency to define best solution and processes.


1 Act as reference in cybersecurity domain, provide guidance and advice.
2 Gather and define security requirements in accordance with CN security standard.
3 Plan and lead workshops with stakeholders to gather requirements and define target state.
4 Document business process, use cases/user stories and test cases.
5 Collaborate with the Solution Architect and SME to define solution detailed design.
6 Actively engage in the identification, resolution and mitigation of all functional and technical risks & issues.
7 Support the delivery team to implement defined architecture, tools and processes.
8 Assist project manager and lead architect to enable key success factors for the project.

Key Deliverables:

1 Use cases and user stories register.
2 Requirements document and process maps.
3 Solution detailed design and specs.
4 May aslo be involved in other project deliverables such as Solution architecture, blueprint, test strategy, knowledge transfer documents and more.