Analyste – Gestion des risques T.I

Raymond Chabot Grant Thornton•Montreal, QC

18h•Hybrid

About The Position

In the IT Security team, happiness at work is cultivated daily, through simple but significant gestures: pleasant workspaces, moments of conviviality, attentive listening, and sincere recognition of everyone's efforts. As an IT Risk Management Analyst at RCGT, you will act as an information security advisor to various business sectors, providing expertise on new services, products, and projects. You will evaluate applications, infrastructure, business units, business processes, and external suppliers for information security risks, identifying potential threats and exposures. You will conduct security reviews and planned initiatives throughout the organization, producing high-quality threat risk assessment reports that clearly articulate risks. You will review and interpret requirements documents, architecture diagrams, solution designs (including cloud solutions), and other written and verbal information to determine if a project, application, infrastructure, or external supplier poses a security risk to the firm. You will provide recommendations to the development and operational teams to address security weaknesses and identify potential new security solutions. You will maintain and evolve a risk register. You will ensure recurrent review of identified risks, implementation of proposed controls, and their effectiveness. You will stay informed about the latest market trends related to information technology and risk management methodologies. You will participate in the preparation of internal and external ISO27001:2022 audits. You will continuously improve the effectiveness of your work by integrating AI-based solutions and other modern methods. At Raymond Chabot Grant Thornton, our employees add up, a range of skills complement each other and team members make work fun. Our professionals support local businesses at every stage of their growth through collaboration and trust. As a member of our firm, you can forge your own path. We place as much value on the reward of tackling challenges as on the recognition of the milestones achieved. Working at RCGT also means being part of the Grant Thornton global network. You can expand your learning opportunities and impact on a large scale. You’ll benefit from a flexible, motivating and people-focused work environment. We believe that wellbeing is more than an extra. It’s essential! Join a team where your expertise counts and your ambitions can take root and grow. At RCGT, we add up successes. What if yours was next?

Requirements

Bachelor's degree in computer science or any other relevant discipline.
Minimum of 5 years of experience in IT security.
Solid knowledge of risk management principles and practices.
Knowledge of IaaS, PaaS, SaaS technology principles.
Recognized certifications in qualitative and quantitative risk assessment (e.g., CRISC from ISACA or equivalent).
In-depth knowledge of ISO27001:2022 principles.
Strong ethical principles and understanding of business ethics and information security.
Ability to work under pressure with time constraints and ability to prioritize tasks and mandates.

Nice To Haves

Strong documentation and communication skills.

Responsibilities

Act as an information security advisor to various business sectors, providing expertise on new services, products, and projects.
Evaluate applications, infrastructure, business units, business processes, and external suppliers for information security risks, identifying potential threats and exposures.
Conduct security reviews and planned initiatives throughout the organization, producing high-quality threat risk assessment reports that clearly articulate risks.
Review and interpret requirements documents, architecture diagrams, solution designs (including cloud solutions), and other written and verbal information to determine if a project, application, infrastructure, or external supplier poses a security risk to the firm.
Provide recommendations to the development and operational teams to address security weaknesses and identify potential new security solutions.
Maintain and evolve a risk register.
Ensure recurrent review of identified risks, implementation of proposed controls, and their effectiveness.
Stay informed about the latest market trends related to information technology and risk management methodologies.
Participate in the preparation of internal and external ISO27001:2022 audits.
Continuously improve the effectiveness of your work by integrating AI-based solutions and other modern methods.