Skip to Main Content

Security Administrator Full Time / Montreal

The Enterprise Security Team is in search of a self-driven individual with a background in Information/Network Security for the position of Security Administrator.  This is a highly technical role focused on addressing all aspects of Enterprise Security.  You will identify and remediate security gaps, manage the Vulnerability and Vendor Risk programs and ensure the security of employees, clients and Intellectual Property.  Experience in securing complex, cloud and internal infrastructures and SaaS is required. Familiarity with data protection laws and regulations such as AICPA SOC, PCI, HIPAA, GDPR, CCPA and SOX is beneficial.

The Profile

  • Help identify, evaluate, and report on regulatory, IT, and cybersecurity risks to information assets, while supporting and advancing business objectives
  • Work to ensure our information systems are maintained in a fully secure manner in line with our compliance obligations, for both internal and external business environments
  • Keeping the entire organization’s security landscape in mind, ensure that all processes and security provisions are documented and executed correctly
  • Securing information assets and associated technology, applications, systems, and processes in the entire company ecosystem, including internal and external environments
  • Working with senior management to determine acceptable levels of risk for the organization
  • Act as process owner for activities related to confidentiality, integrity, and availability, and also the safety and privacy of information owned or processed by the business in compliance with regulatory requirements
  • Protect corporate networks from data breaches, human error, or cyberattacks
    • Configuring network security settings
    • Performing or managing penetration testing
    • Developing and implementing sufficient measures to detect cyber threats
    • Implementing network security policies
    • Installing and maintaining security software like firewalls, end point protection and backups
  • Manage the protection of the company’s data
    • Managing access 
    • Ensuring that data migration is secure
    • Configuring security software 
    • Monitoring data behavior for abnormal activities
    • Implementing security policies
    • Testing company’s systems to locate potential risks and vulnerabilities
    • Reporting security statuses and incidents (if any)
    • Using software tools to automate security tasks
  • Participate in:
    • Developing, implementing, monitoring, and educating team members on a strategic, comprehensive information security program
    • Ensuring appropriate levels of confidentiality, integrity, safety, privacy, and recovery of the organization’s information assets
    • Liaising with key stakeholders as it relates to the information security approach and operating model
    • Developing, maintaining, and distributing documentation related to security policies, standards, and guidelines Reinforce an information security governance structure through the implementation of a hierarchical governance program
    • Working with our Legal team to ensure that information security requirements are addressed in vendor and client contracts
    • Providing clear risk mitigating directives for projects with components in IT, including the mandatory application of controls
    • Performing security related tasks, including management of 3rd party providers
    • Reporting of key metrics to measure efficiency and effectiveness of the information security program and review with executive team
    • The security audit process through all phases including coordinating with internal and external resources to ensure a successful outcome
    • Creating and managing security awareness training programs for all employees, contractors, and approved system users, including establishing metrics to measure the effectiveness of the training program for various audiences
    • Creating a risk-based process for the assessment and mitigation of any information security risk in XCCommerce’s ecosystem consisting of supply chain partners, vendors, consumers and any other third parties 
    • Ensure that data privacy requirements are included where applicable
    • Providing Senior technical security guidance to technical teams
    • Providing security expertise to network IT personnel
    • Identifying security gaps in the environment and ensuring swift resolution
    • Strategizing creative solutions to complex technical problems
    • Training and Mentoring other security personnel
    • Making decisions on security incidents and executing on Incident response plans
    • Execute security actions on systems and services
    • Administrating, engineering and configuring security technologies
    • Reviewing and advising on tool policies to ensure secure configuration
    • Prepare for functional compliance readiness
    • Prepare for and participate in IT and Governance Audits
    • Answer and liaise on customer questionnaires and inquiries
    • Follow up with responsive and unresponsive teams driving progress on tracked issues
    • Craft and prepare metrics and KPI’s for CISO and executive management review
    • Support information security, compliance and governance inquiries from other teams 
    • Review, update and test plans such as the BCP, IRP and DR plans

Technical Skills

  • 5 years of experience working in a security role, including IT risk management within a SaaS environment
  • Strong understanding of internet technologies and SaaS operating models 
  • Comprehensive understanding and experience in various IT and security frameworks
  • Understanding of relevant legal and regulatory requirements such as: SOC, HIPAA, GDPR, ISO2700x, NIST
  • Experience working with and managing policies, procedures, standards and guidelines related to enterprise security
  • Experience utilizing Windows, Linux, SIEM, Firewalls, IPS, DLP, Cisco, Juniper, next generation antivirus, antivirus/anti-malware in an enterprise environment.
  • Experience with Virtual Machine infrastructure
  • Experience with public cloud infrastructure. Knowledge of Microsoft Azure an asset     
  • Experience administrating Windows infrastructure
  • Experience administrating Linux systems
  • Exceptional presentation and communication skills in English with both internal and external audiences
  • Bachelor’s degree in related field or equivalent work experience
  • CISSP designation or equivalent preferred

The Other Stuff

  • Sound knowledge of security risk management and cybersecurity technologies
  • Up-to-date knowledge of methodologies and trends in both business and IT
  • Proven skills with relationship building, influencing positive outcomes and conflict resolution
  • Ability to break down complex issues and communicate in simple terms
  • Must be a critical thinker, with strong problem-solving skills
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations

Apply to this position