Jobs.ca

Analyst, Security Services

Cogeco Connexion
about 23 hours ago
Montréal, QC
Mid Level
Full-time

About the role

Our culture lifts you up—there is no ego in the way. Our common purpose? We all want to win for our customers. We aim to always be evolving, dynamic, and ambitious. We believe in the power of genuine connections. Each employee is a part of what makes us unique on the market: agile and dedicated.

Time Type:

Regular

Job Description :

POSITION SUMMARY

The Security Services Analyst will be a key contributor to the organization's Governance, Risk, and Compliance (GRC) function. The GRC Analyst will collaborate with Cybersecurity SMEs and the Risk Management Lead on broader risk assessments and will be responsible for conducting compliance self-assessments, such as those required for PCI DSS or cyber insurance, ultimately contributing to a robust security and compliance posture.

KEY RESPONSIBILITIES

  • Manage and execute Third-Party Risk Assessments (TPRA), including vendor categorization, security evaluation, evidence review, risk scoring, the development of mitigation recommendations, contract reviews and ongoing monitoring of vendor risks.
  • Manage Data Loss Prevention (DLP) alerts, ensuring a thorough follow-up with stakeholders.
  • Plan and deploy annual training, awareness and phishing campaigns.
  • Manage GRC solutions and documentation, such as phishing, TPRM, Risk Register, etc.
  • Periodically review and update security policies, standards and guidelines.
  • Process security exception requests, ensuring thorough documentation, appropriate routing, tracking, timely resolution, and contributing to the development and enforcement of exception policies and standards.
  • Coordinate the application approval process, ensuring adherence to security policies and standards, providing guidance to stakeholders on security requirements, and identifying and addressing potential risks associated with new applications.
  • Collaborate with Cybersecurity SMEs and the Lead GRC Analyst to contribute to security risk assessments, including the identification of threats and vulnerabilities, the analysis of potential impact, and the recommendation of appropriate controls.
  • Collaborate with Governance Lead to conduct compliance self-assessment activities related to frameworks such as PCI DSS, cyber insurance requirements, or other relevant regulations, ensuring accurate and timely completion.
  • Contribute to the development, implementation, and maintenance of GRC-related documentation, including policies, standards, guidelines, procedures, and risk assessment templates, ensuring they are up-to-date and effectively communicated.
  • Support Information Security team on projects when required.

ACADEMIC TRAINING

  • Bachelor's degree in Information Security, Business Administration, or a related field (or equivalent practical experience).
  • Preferred certifications: CISSP, CISM, or similar domain-specific certifications.

SPECIFIC COMPETENCIES

  • Solid and demonstrable understanding of information security principles, risk management methodologies, and compliance frameworks.
  • Experience participating in and contributing to security risk assessments, including identifying and analyzing risks.
  • Familiarity with and experience in conducting or leading compliance self-assessment activities related to frameworks such as PCI DSS, Privacy laws, HIPAA, SOC 2, or others relevant to the organization.
  • Strong analytical and problem-solving skills with a keen attention to detail.
  • Excellent written and verbal communication skills, with the ability to effectively communicate risk and compliance concepts to various audiences.

KEY PERFORMANCE INDICATORS (KPIs)

Success in this role will be measured by the effectiveness of support provided for GRC programs, accuracy of documentation, and contribution to risk and compliance posture:

  • Audit & Compliance Support Efficiency:

    • Audit Evidence Provision Time: Timeliness in providing requested evidence for internal and external audits.
    • Audit Finding Tracking Accuracy: Accuracy and completeness of audit finding tracking and status updates.
    • Compliance Report Generation: Timeliness and accuracy of recurring compliance report generation.
  • Risk Management Support Effectiveness:

    • Risk Assessment Support Time: Timeliness in supporting the data collection and documentation phases of risk assessments.
    • Risk Register Update Frequency: Regular and accurate updates to the risk register entries.
    • Vendor Assessment Support: Efficiency in completing initial reviews of third-party security assessments.
  • Policy & Documentation Quality:

    • Documentation Update Cycle: Adherence to scheduled review and update cycles for assigned GRC policies and standards.
    • Documentation Accessibility/Accuracy: High quality and accuracy of GRC documentation maintained in repositories.
  • GRC Tool Utilization:

    • GRC Platform Data Integrity: Accuracy and completeness of data entered into the GRC management platform.
    • Report Generation Efficiency: Ability to efficiently generate ad-hoc and scheduled reports from GRC tools.

Location :

Montréal, QC

Company :

Cogeco Communications Inc.

At Cogeco, we know that different backgrounds, perspectives, and beliefs can bring critical value to our business. The strength of this diversity enhances our ability to imagine, innovate, and grow as a company. So, we are committed to doing everything in our power to create a more diverse and inclusive world of belonging.

By creating a culture where all our colleagues can bring their best selves to work, we’re doing our part to build a more equitable workplace and world. From professional development to personal safety, Cogeco constantly strives to create an environment that welcomes and nurtures all. We make the health and well-being of our colleagues one of our highest priorities, for we know engaged and appreciated employees equate to a better overall experience for our customers.

If you need any accommodations to apply or as part of the recruitment process, please contact us confidentially at inclusion@cogeco.com.

About Cogeco Connexion

Telecommunications
1001-5000

Cogeco delivers 100% local support on a fibre-powered network. For more than 65 years, Cogeco has been in smaller cities across Ontario and Quebec—and that’s true for our employees too. We live in the communities we serve, and customer satisfaction is our priority. Thanks to our powerful network, our residential and business customers can get Internet with speeds of up to 1 Gbps, TV with all their favourite content in one place, and reliable home phone service.

#Cogecommunity