Location
Hybrid
- Montreal, Quebec
- You must be able to be located close enough to Montreal to meet in person at the office when requested.
Reports to
Principal, Senior Information Security
About the Role
We are seeking an Information Security Analyst to join the security and compliance function of a leading software development organization operating in a highly regulated industry. This role is designed as an entry point into a long-term leadership track. With structured training and exposure to compliance frameworks, incident response, and vendor governance, you will gain the skills and experience needed to grow into future senior security leadership.
You will begin with hands-on responsibilities across governance, risk, compliance, and technical operations, while also building business acumen and cross-functional communication skills. This role requires both technical capability and the ambition to evolve into a trusted advisor for business and technology executives.
Onboarding
Training Period (6 months)
Contract with Ceiba Law, including mentorship, structured training, and exposure to the client's regulated environment.
Performance Development
Monthly reviews focused on both technical mastery and leadership potential.
Transition
Upon successful completion and client approval, transition to full-time employment with Cotality, with a career track toward security leadership.
WHAT YOU'LL BE DOING
GRC Operations
- Assist in maintaining compliance controls and documentation based on ISO 27001, ISO 27017, ISO 27034, ISO 22301 and NIST frameworks.
- Participate in internal and external audits for certification.
- Perform self-assessments and complete questionnaires for stakeholders.
- Assess and track vendor risks, supporting due diligence and governance.
- Maintain metrics and reporting that inform executive decision-making.
Security Operations
- Participate in threat modeling and technical risk assessments.
- Maintain runbooks, incident registries, and technical security documentation.
- Track technology changes and support change management governance.
- Contribute to incident detection, classification and response coordination.
- Assist in investigations and documentation of security incidents.
- Participate in business continuity and DRP testing.
- Contribute to maintaining security metrics on Hyperproof.
Access & Identity Management
- Review and document user access rights, supporting least-privilege enforcement.
- Assist with periodic access audits and user lifecycle management.
Asset Inventory
- Maintain inventories of devices, applications, and accounts.
- Track technology changes and support change management governance.
WHAT WE'RE LOOKING FOR
Education
- Bachelor's degree in Computer Engineering, Computer Science, or a related field.
- Graduate-level studies in information security, business administration, or data science are an asset.
Certifications (preferred, or willingness to obtain)
- CompTIA Security+, (ISC)² SSCP, or equivalent entry-level certification.
- ISO 27001 Lead Implementer / Lead Auditor training.
- Cloud security certifications (e.g., CCSK, AWS Certified Security).
- Long-term career interest in CISSP, CISM, or MBA for leadership track.
Technical & Professional Skills
- Familiarity with ISO, NIST, and related security frameworks, with an understanding of their application in regulated industries.
- Knowledge of risk management and security governance principles, including risk assessment, control selection, and reporting.
- Strong foundation in networking, databases, and secure development practices, with exposure to SaaS, cloud security, and emerging technologies (AI experience is an asset).
- Strong organizational, analytical, and problem-solving skills, with the ability to prioritize and follow through.
- Excellent communication and collaboration skills, able to convey security concepts clearly to technical and non-technical stakeholders.
- Integrity, accountability, and professionalism in handling sensitive matters.
- Curiosity and drive to continuously learn, with the ambition to grow toward executive-level security leadership (CISO track).
Details
- Start Date: October 2025
- Compensation: Up to CAD $100,000, depending on experience.
- Background Check Required — Includes criminal, credit, and financial checks (required by client).