Analyst - Compliance and Security
Are you ready for a big leap?
The last few months have been a real series of acrobatics and contortions for Cirque du Soleil Entertainment Group. But we are ambitious and passionate about our work, and we always know how to get back on our feet, even after superhuman somersaults.
Our hearts are still pounding at the thought of rebuilding our company and dreaming of its wonderful future. Do you have the audacity we need to take up the challenge? By joining us, you'll be working in uncharted territory, but where you can make a real difference.
As an ambassador for Compliance and Cybersecurity, you support Cirque in the undertaking of business risks while mitigating technological risks. You define and implement information security policies. You participate in the assessment of our compliance requirements and ensure our business partners' adherence.
The Compliance and Security Analyst will:
- Maintain cybersecurity management tools;
- Maintain and improve event log aggregation and correlation tools;
- Analyze malicious codes, and devise strategies to contain and avoid them;
- Help solve cybersecurity incidents;
- Take part in vulnerability management (sweeping, intelligence and other sources);
- Carry out a cybersecurity technology watch;
- Assess and understand compliance requirements, and make sure business partners adhere;
- Take part in auditing and compliance activities;
- Check exception and exemption requests;
- Contribute to the change management process;
- Participate in compliance activities (PCI DSS, SOX, HIPAA, etc.).
The ideal candidate will have the following qualifications:
- Bachelor's degree in computer science or software engineering, or equivalent experience OR Bachelor’s degree in business administration, information systems or computer science, or equivalent experience;
- At least 2 years' experience in a major corporate setting, particularly in cybersecurity, compliance and business continuity management;
- Extensive knowledge of IT security (risk analysis, protective measures, vulnerability management, encryption, surveillance, etc.);
- In-depth understanding of network protocols, data flow analysis and reconstitution, and marked interest in technology watch;
- Boundless curiosity, keen problem-solving ability and superior communication skills;
- Professional information security certification such as CISSP, CISM or CGEIT an asset;
- Expertise managing Sarbanes-Oxley, PIPEDA and PCI compliance regulations as well as COBIT, ISO 27000 and NIST frameworks;
- Ability to tie your decisions back to company objectives and focus on results;
- Superior spoken and written communication skills, and adeptness at maintaining strong interpersonal relations;
- Exceptional ease in English and French.