Our culture lifts you up—there is no ego in the way. Our common purpose? We all want to win for our customers. We aim to always be evolving, dynamic, and ambitious. We believe in the power of genuine connections. Each employee is a part of what makes us unique on the market: agile and dedicated. Time Type: Regular Job Description : POSITION SUMMARY The Security Services Analyst will be a key contributor to the organization's Governance, Risk, and Compliance (GRC) function. The GRC Analyst will collaborate with Cybersecurity SMEs and the Risk Management Lead on broader risk assessments and will be responsible for conducting compliance self-assessments, such as those required for PCI DSS or cyber insurance, ultimately contributing to a robust security and compliance posture. KEY RESPONSIBILITIES Manage and execute Third-Party Risk Assessments (TPRA), including vendor categorization, security evaluation, evidence review, risk scoring, the development of mitigation recommendations, contract reviews and ongoing monitoring of vendor risks. Manage Data Loss Prevention (DLP) alerts, ensuring a thorough follow-up with stakeholders. Plan and deploy annual training, awareness and phishing campaigns. Manage GRC solutions and documentation, such as phishing, TPRM, Risk Register, etc. Review and update periodically security policies, standards and guidelines. Process security exception requests, ensuring thorough documentation, appropriate routing, tracking, timely resolution, and contributing to the development and enforcement of exception policies and standards. Coordinate the application approval process, ensuring adherence to security policies and standards, providing guidance to stakeholders on security requirements, and identifying and addressing potential risks associated with new applications. Collaborate with Cybersecurity SMEs and the Lead GRC Analyst to contribute to security risk assessments, including the identification of threats and vulnerabilities, the analysis of potential impact, and the recommendation of appropriate controls. Collaborate with Governance Lead to conduct compliance self-assessment activities related to frameworks such as PCI DSS, cyber insurance requirements, or other relevant regulations, ensuring accurate and timely completion. Contribute to the development, implementation, and maintenance of GRC-related documentation, including policies, standards, guidelines, procedures, and risk assessment templates, ensuring they are up-to-date and effectively communicated. Support Information Security team on projects when required. ACADEMIC TRAINING Bachelor's degree in Information Security, Business Administration, or a related field (or equivalent practical experience). Preferred certifications:, CISSP, CISM, or similar domain-specific certifications SPECIFIC COMPETENCIES Solid and demonstrable understanding of information security principles, risk management methodologies, and compliance frameworks. Experience participating in and contributing to security risk assessments, including identifying and analyzing risks. Familiarity with and experience in conducting or leading compliance self-assessment activities related to frameworks such as PCI DSS, Privacy laws, HIPAA, SOC 2, or others relevant to the organization. Strong analytical and problem-solving skills with a keen attention to detail. Excellent written and verbal communication skills, with the ability to effectively communicate risk and compliance concepts to various audiences. Location : Montréal, QC Company : Cogeco Communications Inc. At Cogeco, we know that different backgrounds, perspectives, and beliefs can bring critical value to our business. The strength of this diversity enhances our ability to imagine, innovate, and grow as a company. So, we are committed to doing everything in our power to create a more diverse and inclusive world of belonging. By creating a culture where all our colleagues can bring their best selves to work, we’re doing our part to build a more equitable workplace and world. From professional development to personal safety, Cogeco constantly strives to create an environment that welcomes and nurtures all. We make the health and well-being of our colleagues one of our highest priorities, for we know engaged and appreciated employees equate to a better overall experience for our customers. If you need any accommodations to apply or as part of the recruitment process, please contact us confidentially at inclusion@cogeco.com Rooted in the communities it serves, Cogeco Inc. is a growing competitive force in the North American telecommunications and media sectors, serving 1.6 million residential and business subscribers. Its Cogeco Communications subsidiary provides Internet, video and phone services in Canada, and in thirteen states in the United States under the Cogeco Connexion, oxio and Breezeline brand names. Through Cogeco Media, it owns and operates 21 radio stations primarily in the province of Québec as well as a news agency. Cogeco's subordinate voting shares are listed on the Toronto Stock Exchange (TSX: CGO). The subordinate voting shares of Cogeco Communications Inc. are also listed on the Toronto Stock Exchange (TSX: CCA).
