- Type: Permanent
- Work schedule: Full time
Want to join a Canadian leader? Love to work with experienced professionals? Eager to make a valued contribution to a team of some 250 colleagues? Sounds like you’re ready for a job at TRSB, Canada’s number one translation provider.
TRSB is seeking an experienced Information Security Specialist to support our organization in building a strong security framework. You will take an active part in developing and implementing security policies, managing compliance requirements (notably SOC 2) and developing operational processes (procedures, controls, responses to security questionnaires).
Your daily routine:
Threat monitoring
- Proactively monitor and analyze security data to detect threats and advanced vulnerabilities
- Develop key indicators (risk and performance) and collect actionable intelligence to strengthen the organization’s security posture
Security incident response
- Manage security incidents, from initial analysis to full resolution
- Carry out post-incident assessments and recommend preventive measures
Risk and vulnerability assessment
- Independently conduct in-depth security assessments to identify vulnerabilities and recommend remediation strategies
- Maintain the information security risk register, oversee audits, and assess suppliers’ security practices
Security awareness and coaching
- Develop information security awareness materials
- Provide specialized advice in support of cybersecurity program objectives and compliance initiatives
Policies and governance
- Write, update and maintain information security policies, procedures and standards (access management, passwords, network security, PAP, etc.)
- Ensure documentation alignment with best practices (NIST, ISO 27001, etc.)
Compliance and audits (SOC 2)
- Coordinate SOC 2 (types 1 and 2) compliance activities, including audit preparation
- Document and implement required security controls
- Ensure that evidence is gathered and requirements are met for external auditors
Security questionnaires
- Respond to security questionnaires from clients or partners (cybersecurity, confidentiality, business continuity, etc.)
- Collaborate with internal teams to obtain relevant technical or organizational responses
Security control implementation
- Assist in developing and implementing technical and organizational controls (access management, logging, backups, etc.)
- Collaborate with IT, operations, development, and product teams in integrating security into operations
Security procedures and processes
- Develop security intervention procedures (incident response, vulnerability management, SIEM alert response, etc.)
- Implement reproducible, well-documented processes
You will need:
- Good knowledge of SOC 2, ISO 27001, NIST, and CIS Benchmark standards
- Experience in drafting security policies and documentation
- Ability to understand technical concepts and explain them to a non-technical audience
- Knowledge of AWS, Azure, and GCP cloud environments (an asset)
- CCSP, CISM, ISO 27001 Lead Implementer certification
This position may be ideal for you if you:
- have a degree in information security, information technology, or a related field
- have at least three to five years’ experience in a similar role in IT security or governance
- are fluent in English and French, both written and spoken
- can successfully and independently handle multiple projects
- have experience with governance, risk, and compliance (GRC) tools
- have experience with the DRATA GRC tool (an asset)
We value our teams and offer working conditions to match:
- Competitive salary
- Comprehensive group insurance
- Group RRSP
- Flexible work arrangements
- Fitness benefit
- Payment of dues to your professional order
- Referral program
- Public transit credit
- Paid vacation on your birthday