
Senior Information Security Advisor

Montréal, Quebec, Canada


The Senior Information Security Advisor will contribute to the security of the Company’s key products and services by participating in the development of security and compliance requirements, in line with business strategy, company policies, customer commitments as well as contractual, legal and regulatory requirements. The Information Security Advisor will play an important role in the organization’s security, privacy, regulatory and contractual compliance efforts through the design, implementation, maintenance and monitoring of the required administrative and technical controls throughout the organization. This role will contribute to the company’s products and services, as well as to its corporate internal security needs.

This position will actively participate in security, compliance and certification audits, respond to audit requests, partake in testing of controls, follow up on security and compliance remediation initiatives and recommend improvements to reduce, contain and mitigate risks. The Information Security Advisor will support the sales process by occasionally working directly with customers to address their security questions and concerns about the company’s products and services. The Information Security Advisor will monitor and assess changes in the security, privacy and compliance landscape and make recommendations as appropriate to improve the security of our products and services. 

Key responsibilities and duties

 

  • Assist in the identification, definition, prioritization and implementation of security- and compliance-related product improvements
  • Collaborate with product management, product owners and project teams on security impact analyses and definition of security, privacy and compliance requirements relating to our products and services
  • Actively partake in compliance and certification initiatives by defining, implementing and documenting required controls as well as monitoring and reporting on their continuous operating effectiveness
  • Develop, monitor and report on action plans for identified security and compliance issues
  • Act as liaison with external auditors and customers on ongoing compliance and audit initiatives
  • Support the sales process by working with business analysts, pre-sales engineers and technical account managers in responding to customer security, privacy and compliance questions
  • Advise technical teams on the implementation of controls to meet security best practices
  • Support Research & Development and Operations teams in the identification and correction of any vulnerabilities or security issues identified in our products
  • Collaborate with Operations teams in ensuring secure operations of our services
  • Provide recommendations to align with information security, data privacy and compliance best practices

Qualifications

  • Bachelor’s degree in Information Systems, Computer Science or equivalent
  • Minimum of 10 years of cumulative hands-on information security and related experience
  • Professional certifications in the security, privacy, risk management and audit areas highly desirable: CISSP, CRISC, CISM, CIPP, CISA, etc.
  • Ability to understand and translate business needs and compliance requirements into actionable technical and administrative controls
  • Good understanding of security, privacy and compliance domains
  • Excellent analytical skills and attention to detail
  • Excellent communication & documentation skills
  • Strong command of the English language
  • Demonstrated initiative
  • Ability to plan and deliver on commitments
  • Field experience in security and/or privacy audits and/or compliance initiatives
  • Experience in regulated industries
  • Experience in implementation of standards and frameworks such as ISO 27002, NIST 800-53
  • Familiarity with GDPR, FedRAMP, HIPAA, PIPEDA and other security and privacy-related laws, regulations and frameworks

Why OneSpan

OneSpan offers the best of both worlds – a solid foundation that only an established global enterprise can provide, with the energy and creativity of an innovative start-up. In every role at OneSpan, you’ll contribute to the success of the most advanced security and e-signature technologies, and have opportunities to grow. You’ll continue your hands-on education through formal training and informal programs.