Cybersecurity Engineer
Apply NowCompany: Compunnel Software Group
Location: Montreal, QC H1A 0A1
Description:
Job Summary:
The Continuous Controls Monitoring (CCM) team is part of the Technology Controls Group within the Technology and Operational Risk organization. The objective of the Continuous Controls Monitoring (CCM) program is to provide a structured and consistent process that enables near real-time monitoring of Technology Policy Control implementations across the firm. This includes identifying control failures and responding to them. Technology controls ensure the confidentiality, integrity, and availability of the firm's data, infrastructure, and systems in both on-premises and off-premises (cloud) environments. CCM offers continuous visibility into control weaknesses and ensures compliance with laws, rules, and regulations.
The successful candidate will join the CCM team and be part of the Metric Design & Architecture team. This team translates Technology Policy controls into clear and specific metric definitions, which identify the implementation details, tools, evidence, metrics formulas, and more. The role will work closely with control implementors, product owners, architects, and engineers.
Key Responsibilities:
Required Qualifications:
Preferred Qualifications:
Certifications (if any):
Cybersecurity certifications (e.g., CISSP, CISM, CISA, etc.) are preferred.
Education: Bachelors Degree
The Continuous Controls Monitoring (CCM) team is part of the Technology Controls Group within the Technology and Operational Risk organization. The objective of the Continuous Controls Monitoring (CCM) program is to provide a structured and consistent process that enables near real-time monitoring of Technology Policy Control implementations across the firm. This includes identifying control failures and responding to them. Technology controls ensure the confidentiality, integrity, and availability of the firm's data, infrastructure, and systems in both on-premises and off-premises (cloud) environments. CCM offers continuous visibility into control weaknesses and ensures compliance with laws, rules, and regulations.
The successful candidate will join the CCM team and be part of the Metric Design & Architecture team. This team translates Technology Policy controls into clear and specific metric definitions, which identify the implementation details, tools, evidence, metrics formulas, and more. The role will work closely with control implementors, product owners, architects, and engineers.
Key Responsibilities:
- Establish and document control metric definitions for Technology controls by engaging with various stakeholders, understanding processes, and analyzing data for accurate measurement.
- Collaborate with the Technology Policy team to ensure control measurement/metric requirements are met through the Policy design/update process.
- Partner with various metric consumers to establish a reporting framework that meets their requirements.
- Work closely with the CCM Data Acquisition and Tooling team to ensure the successful implementation of metrics.
Required Qualifications:
- 5+ years of experience in information security and/or information technology.
- 2+ years of hands-on experience with technology or cybersecurity control implementations.
- Ability to define metrics/Key Control Indicators (KCIs) to show control implementation completeness.
- Strong business acumen and strategic mindset.
- Experience working with and understanding customer or client needs.
- Strong interpersonal skills to interact effectively at all levels and engage with a broad team/stakeholders.
- Ability to manage expectations and handle high-pressure situations with tight deadlines.
- Proven analytical skills and decision-making ability based on quantitative and qualitative data.
Preferred Qualifications:
- Knowledge of various domains of Technology controls and cybersecurity.
- Familiarity with public cloud technology.
- Knowledge of security concepts and tools related to Identity & Authentication, Data Security, System Security, Network Security, and Application Security.
- Knowledge of security logging, monitoring, and incident response.
- Cybersecurity certifications are preferred.
Certifications (if any):
Cybersecurity certifications (e.g., CISSP, CISM, CISA, etc.) are preferred.
Education: Bachelors Degree