Cyber Security Supply Chain Risk Specialist

Axelon

Montreal, QC

JOB DETAILS
SALARY
$374.64–$642.50 Per Day
SKILLS
Alliance/Partner Management, Auditing, Automation, Banking Services, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Cloud Computing, Computer Science, Continuous Improvement, Corrective Action, Data Analysis, Data Management, Data Sets, Database Extract Transform and Load (ETL), Documentation, Due Diligence, English Language, French Language, ISO (International Organization for Standardization), Information/Data Security (InfoSec), Infrastructure as a Service (IaaS), Internal Audit, Internet Security, Leadership, Performance Metrics, Platform as a Service (PaaS), Portuguese Language, Presentation/Verbal Skills, Process Improvement, Program Planning, Project/Program Management, Python Programming/Scripting Language, Regulations, Reporting Dashboards, Risk, Risk Analysis, Risk Management, SQL (Structured Query Language), Security Analysis, Software as a Service (SaaS), Spanish Language, Supply Chain, Supply Chain Management, Team Player, Test Plan/Schedule, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Relations, Vendor/Supplier Selection, Writing Skills
LOCATION
Montreal, QC
POSTED
2 days ago
Job Title: Cyber Security Supply Chain Risk Specialist
Location: Montreal, QC

Spanish is mandatory.

Purpose:


The Cyber Security Supply Chain Risk Specialist ensures that third party services across North, Central, and South America meet clients’ business, regulatory, and security standards. The role partners with Relationship Managers, Vendor Management, and global security teams to translate global vendor due diligence findings into actionable local mitigations, run continuous monitoring programs, and lead third party security transformation projects.

Key Responsibilities:
Supply Chain Risk Management
  • Review and understand vendor services and define assessment scope using the client Vendor Questionnaire.
  • Conduct security assessments or work with the global team to ensure appropriately scoped assessments are performed; deliver findings in both English and Spanish.
  • Evaluate final assessment reports, define appropriate risk levels (Low/Moderate/Notable/High) taking into account the local control environment, and develop implementable corrective actions.
  • Discuss findings with business lines, come to agreement on next steps, and formalize action plans in the system of record.
  • Perform periodic outreach to service providers verifying mitigation steps for current threats and open action plans.
Transformation & Projects:
  • Understand business priorities, key initiatives, planned programs and aspirations; collaborate closely with cybersecurity leadership to ensure programs are aligned and communicated.
  • Lead initiatives and deliverables within information security domain environments.
  • Lead end-to-end delivery (design, development, testing, implementation, operation and maintenance) of new and existing Third Party and Information Security projects.
  • Assist in identifying opportunities for automation through data analysis.
Operational Efficiency:
  • Support and promote automation of repetitive and complex data management tasks to improve efficiency across information security functional areas.
  • Extract, Transform, and Load (ETL) Data with a firm understanding of how to shape datasets using a mixed environment.
  • Design, maintain, and review KPI dashboards that monitor third party risk performance and drive continuous improvement.
Required Qualifications:
Minimum Requirements
  • 6+ years in information security or risk management roles, including 2+ years delivering security projects.
  • Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent work experience.
Technical Skills:
  • Vendor risk assessment frameworks (NIST CSF, ISO 27001, SIG).
  • Proficiency with security questionnaires (SIG, CAIQ).
  • Scripting – basic competency in PowerShell, Python, or equivalent.
  • ETL tools (SQL, Alteryx, Python pandas).
  • Languages: Fluent written & spoken English and Spanish mandatory (French not required for this role).
  • Certifications (desired): CISSP, CISA, CRISC, or Certified Third-Party Risk Professional (CTPRP).
Soft Skills:
  • Strong written & verbal communication; ability to convey complex security concepts concisely in both languages; excellent stakeholder management; adaptability to shifting priorities; rigorous documentation habits.
  • Legally authorized to work in the Greater Montreal area (no sponsorship). Ability to work on site as an essential function of the role.
Preferred Qualifications:
  • Project management experience delivering IT products in a banking environment.
  • Prior audit experience (internal or external).
  • Additional language(s): Portuguese or French.
  • Experience with cloud service security (IaaS/PaaS/SaaS) assessments.

About the Company

Axelon