The purpose of this role is to establish and maintain governance and compliance practices, as well as develop policies, standards, processes and metrics to comply with business and regulatory requirements.In this role you will:-Report to the CEO.-Lead and achieve the SOC2 type I and type II certification.-Report to and advise the senior management on all aspects related to information security.-Participate in the controls and security procedures.-Ensure information security policies, standards, and procedures are and remain up-to-date-Support the implementation of controls and perform periodic audits to ensure that activity is appropriate.-Ensure the full implementation of exagens information security policies and their respect by the employees and contractors.-Initiate and perform periodic information security risk assessment/analysis, mitigation and remediation.-Initiate, facilitate, and promote activities to foster information security awareness within the company.-Evaluate security threats, risks and vulnerabilities and apply tools to mitigate risk as necessary.-Manage security incidents and events.-Act as the main point of contact for all information security related questions and issues (internally and with our clients).-Provide guidance and proactively work with Technology, Operations, and Business to ensure security controls are integrated.-Maintain current knowledge of certification requirements and accreditation standards.

Product support and management support (around 60% of the time)-Ensure general compliance with policies, standards, norms and laws by providing advice and recommendations to the software solution team on the development and integration of best practices meeting security requirements; -Participate in the process of integrating security into the product development cycle; assess the security posture of our products and propose solutions;-Facilitate interactions between product teams, development teams and security specialists; -Participate in the integration of provisions ensuring compliance with information security requirements in service agreements and contracts;-Manage, Coach and develop a team of 7 IT security experts.Information security management plan and compliance (approximately 20% of the time) -Ensure the definition, implementation and organization of the information security management framework using tactical and operational strategies;-Ensure compliance of SaaS products and hosting with the SOC2 standard;-Manage security audits by being responsible for preparation activities, being the first responder to security auditors and being responsible for readjustment and monitoring activities of action plans following audits;-Advise management, the CIO and the executive committee on strategic directions for the governance of information systems;-Analyze the feasibility of security projects and ensure their achievements;-Present business cases, create project plans, organize kick-offs;Administrative activities (approximately 20% of the time)-Manage third party vendors and identify areas where third parties are needed to lead new security initiatives and perform contract and vendor follow-ups;-Develop administrative policies and procedures;-Ensure the planning of the organization's needs for equipment, furniture and supplies and ensure the acquisition, maintenance and replacement of IT equipment.

Summary function:The CISO is responsible for the strategic IT security direction. The CISO works in an international context (Canada, United States, Hong Kong and United Kingdom).Strategic planning- Reporting to the VP IS / IT in terms of security- Serve on committees of security within the company- Establish and maintain sustainable governance structures for oversight, development and implementation of IT security strategies, policies, standards and procedures- Identify and define projects required to maintain and improve security posture. Develop and present required documentation including business cases with cost/benefit, proposals, project charters, project milestones and estimates for timeframes, budget and resources- Lead efforts to define and implement the vision, strategies and goals for the governance, security, risk management and compliance framework and activities- Serve as interface between the IT and their main customers in security: Clients, Legal, HR, CEO, CFOManagement and Risk Management- Management and administration of enterprise-wide IT security functions-Manage 1 staff directly, indirectly 30 IT, Dev & operations- Coordinate the disaster recovery and business continuity plans for IT systems and ensure business risks are addressed- Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies- Audit and provide comprehensive risk assessments- Work with Internal Audit and outside consultants as appropriate on required security assessments and audits- Keep abreast of security incidents and act as primary control point during significant information security incidentsControl- Review quarterly profiles of users for all systems with CEO.- Annual review of security policies of the company.- Implementation and compliance controlsTraining:- Create education and awareness programs

Security Project and Quality Assurance- Participate in the development and ensure compliance with policies, guidelines and security procedures- Participate in audits (security, compliance and intrusions) and coordinate the implementation of action plans- Participate in various projects related to information security- Monitor the patches related to operational security - Ensure to have in place programs, systems and processes required for quality management- Ongoing management and improvement of the quality system of the company- Setting up and ensuring compliance with policies, standards, procedures and security of Information

Solarwinds projectSolarWinds offers IT professionals a suite of software management devices, systems and applications that depend on and connect to the corporate network - the failure and performance configuration, to application performance and IP address management. TheUsers can view real-time statistics and availability of their environment computer from any Web browser.- Develop and implement security policy- Using best practices (ISO 27001, 27002, 27005, COBIT)- Installation and implementation of the laying down and solutions solarwinds (Orion Network Performance Monitor, Orion Network Configuration Manager and Orion modules)- Management and procedure for the security- Planning and specifications- Test of the product- Recipe & DeliveryProject Foundstone (MVM Mc Afee)McAfee Vulnerability Manager provides a clear picture, instant and complete vulnerability of allassets in your network- Develop and implement security policy- Using best practices (ISO 27001, 27002, 27005, COBIT)- Audit and Correction based on a scale of priorities- Proof of invulnerability- Identification and correlation of new threats- Audit strategies and conformity assessment- Options generation flexible reporting- Management and procedure for the security- Planning and specifications- Test of the product- Recipe & Delivery

Mandate: Government of Quebec CSPQMy mandate is to establish and ensure the smooth progress of several projects:RSA SecurID projectThe two-factor authentication with RSA SecurID ® is based on the combination of an immutable identifier you know (password or PIN) and a physical device (or authenticator). This systemguarantees an authentication more reliable than reusable passwords user level.- Develop and implement security policy- Using best practices (ISO 27001, 27002, 27005, COBIT)- Procedure for the management and security (NIST)- Authentication- Access Control- Management of credentials- Data loss Prevention - Fraud Prevention- Encryption and Key Management- Security Information and Event Management (SIEM)- Planning and specifications- Recipe & DeliveryUAG / IAG projectMicrosoft Forefront offers a complete line of security products and identity to help you grow your business safely, and reduce costs. By integrating them into your existing IT infrastructure and their deployment and easy administration to achieve these products provide greater protection and better control of your business.- Design and deploy remote access solutions with Forefront Unified Access Gateway2010 (UAG).- Develop and deploy web access, remote access and protection solutions mails with TMG (Threat Management Gateway 2010)- Procedure for the management and security- Access Control - Planning and specifications- Test of the product- Recipe & Delivery

Mandate: Government of Quebec CSPQ (Shared Services Centre of Quebec)- Administrator of the system infrastructure- AD Administrator- Security Management- Procedure for security- Secure FileTransfer - Managing exchanges file- Application Integration- Monitoring and control - Operation in client mode or server- Automation and Planning- Security (SSL / TLS)- Reliability and Performance- Multi platform, multi-network and multi-protocol- Server and router file- Homogeneous Managing exchanges between multiple partners (FTP, HTTP, HTTPS, SMTP/POP3, Ssh-FTP, OFTP PeSIT)- Administration, Control and Surveillance- applications and business data flow- Protection of the corporate network- Secure access and data Concept - Encryption of files- Integration with PKIs

- Write the security policies (control of access `)- Manage server administration (AD, Exchange 2007, Windows file servers 2003, etc.);- Manage the IT equipment (network, desktop, IP phones);- written, produces, validates security testing, test cases to outcomes;- Participate in the development of technical regulations and design standards;- Develop, edits, modifies and documents moderately complex analyzes raise accordance with the specifications of the architecture;- Work with networks such as Ethernet and elements of infrastructure that up;- Provided assistance and consultancy on security best practices for all IT projects.

- Ensure `s administration of all Windows 2003 network (Active Directory, Backup servers Symantec, Checkpoint, Double Take, Exchange, Business Object, Swift, SMTP Relay Server Security, Intranet BM, Novabank, MACSS, BLACKBERRY);- Auditing for IT department- Budget - Ensure the proper functioning of all Windows 2003 servers, routers and switches (support levels 2-3);- Ensure technology management applications and computer security;- Lead the planning and implementation of security solutions to customer needs- configure and validate secure systems, and test products and security systems to identify gaps in security.- Ensure the authorization management and access (email, Internet, Blackberry);- Participate in the implementation of the architecture;- Ensure the implementation of the room Data Recovery;- Ensure the support and training of users of banking (Office, Windows XP, specialized software);- Perform the configuration, installation and support of machines;- Manage the IT equipment (network, desktop and mobile);- Ensure the implementation of amenities agencies;- Participate in Agency projects, Fingerprint, Penetration test, Checkpoint;- Participate in the migration project from Exchange 2003 to 2007 (using the achievement records architecture, participation in the establishment of the target infrastructure, achievement of migration of 350 mailboxes, setting up the Exchange Notes with the proceeds Double Take).- Project Agency (Establishment of all branches of the bank)