OneSpan is looking for a Senior Information Security Advisor to join our team in MONTRÉAL!
Reporting to the Chief Information Security Officer, the Senior Information Security Advisor will be responsible for ensuring that the company, and more particularly its SaaS services, operates in compliance with applicable security and privacy-related standards and requirements, and will demonstrate such commitment both internally and externally by driving continued compliance efforts. This includes assessing and reporting on security controls required by various security, privacy and compliance frameworks (e.g. ISO 27001, SOC 2, HIPAA, etc.).
More specifically, the Information Security Advisor will be involved in the continuous improvement of the company’s security and privacy compliance posture through leading and taking an active part in security and privacy-related audits, assessments, certifications and compliance initiatives. This includes ensuring the company’s SaaS offerings meet and operate according to company security and privacy policies, customer commitments, contractual, legal and regulatory requirements, as well as adopted security and privacy-related frameworks. Working with R&D and Operations teams, the Information Security Advisor will ensure that the required administrative, technical and physical controls are identified, documented, implemented, maintained and periodically tested to ensure they operate effectively and efficiently across multiple product lines.
This position will respond to third-party audit requests, perform information security risk and privacy impact assessments, partake in testing of controls, follow-up on identified gaps and recommend improvements to reduce, contain and mitigate risks. The successful candidate will fill a hands-on leadership role, influencing other company teams in their security and privacy compliance and certification efforts.
As part of the Information Security team, the Information Security Advisor will partake in various other security and compliance initiatives and make recommendations as appropriate to improve the security of our corporate infrastructure, as well as of our products and services.
Job Duties and Responsibilities:
- Collaborate with product management, product owners and project teams on security impact analyses and definition of security, privacy and compliance requirements relating to our products and services
- Lead and actively partake in compliance and certification initiatives by defining, implementing and documenting required controls as well as monitoring and reporting on their continuous operating effectiveness
- Develop, monitor and report on action plans for identified security and compliance issues
- Act as liaison with external auditors, assessors and customers on ongoing compliance and audit initiatives
- Support the sales process by working with business analysts, pre-sales engineers and technical account managers in responding to customer security, privacy and compliance questions
- Advise technical teams on implementation of controls to meet security best practices
- Support R&D and Operations teams in the identification and correction of any vulnerabilities or security issues identified in our products and services
- Collaborate with Operations teams in ensuring secure operations of our services
- Provide recommendations to align with information security, data privacy and compliance best practices
- Bachelor’s degree in Information Systems, Computer Science or equivalent
- Minimum of 10 years of cumulated hands-on information security and related experience
- Professional certifications in the security, privacy, risk management and audit areas highly desirable: CISSP, CRISC, CISM, CIPP, CISA, etc.
- Ability to understand and translate business needs and compliance requirements into actionable technical and administrative controls
- Good understanding of security, privacy and compliance domains
- Excellent analytical skills and attention to detail
- Excellent communication & documentation skills
- Strong command of the English language
- Demonstrated initiative
- Ability to plan and deliver on commitments
- Strong problem-solving and decision-making skills
Specific skills and experience needed to be successful:
- Field experience in security and/or privacy audits and/or compliance initiatives
- Experience in regulated industries
- Experience in implementation of standards and frameworks such as ISO 27002, NIST 800-53
- Familiarity with GDPR, FedRAMP, HIPAA, PIPEDA and other security and privacy-related laws, regulations and frameworks.