InfoSec Specialist, GRC-79482

Montreal, QC

The position reports to the Cybersecurity Governance, Risk and Culture (GRC) Directorate of the InfoSec Vice Presidency. The resource will join the “Governance and Compliance” squad, responsible for managing our policies and controls, managing compliance, supporting audits and managing supply chain security.


Main tasks:

  • Plan, coordinate and monitor the call for tenders to renew our TPRM services, by coordinating all stakeholders involved.
  • Document and update our third-party cyber risk management processes and procedures.
  • Lead the migration to the new third-party cyber risk management solution, coordinating all stakeholders involved.
  • Carry out, as needed, due diligence reviews of third-party security, and contribute to calls for tender to define security requirements.
  • Contribute to the major review of our information security policy and the development of governance documents (guidelines, security procedures).
  • Contribute to the update of our information security controls framework (alignment with NIST CSF v2.0 and other application frameworks).
  • Contribute to other Governance, Risk and Compliance activities that may arise during the mandate, depending on the needs of other squads within the Directorate.


*** We are looking for someone with strong governance skills - able to manage policies, procedures, requirements gathering independently, and associated documentation. The ideal candidate will be able to work independently, take ownership of their mandate, and conduct activities with little supervision. Governance and compliance are a priority, as all documentation needs to be reviewed and reorganized. Subsequently, experience in third-party risk management will be a strong asset. The person will work closely with the CISO. They must be able to challenge existing processes, propose improvements, and play an active role, while being strategic, not just an executor. ***

Required:

  • Around 5 years of experience in security/governance
  • Experience (minimum 3 years) in documenting and updating processes and procedures, applied to the InfoSec context.
  • Experience (5 years minimum) in drafting governance documents (policy, directives, security procedure).
  • Experience (5 years minimum) in risk management and implementation of InfoSec risk management frameworks and controls.
  • Experience (3 years minimum) in implementing IT solutions, providing best practices and the structure to deliver a simple to medium IT project (data migration, solution integration, etc.).
  • In-depth knowledge of cybersecurity standards and frameworks (ISO 27001, NIST, etc.).
  • Knowledge of third-party risk management solutions such as Bitsight, CyberGRX, UpGuard or others.
  • Experience (minimum 3 years) in conducting activities related to third-party cyber risk management.
  • Bilingualism: must understand both languages and speak one


Asset:

  • Proficiency in Azure DevOps.
  • Certifications such as CISSP, CISM, CGEIT, ISO 27001, or other certifications in risk management, compliance, and security.
  • Degree in computer science, cybersecurity or a related field.
