NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable, and forward-thinking organization, apply now.

We are currently seeking a Security Risk Assessment Analyst to join our team in Montreal, Quebec (CA-QC), Canada (CA).

Job Responsibilities Include:

• Contacting system owners/vendors for assigned systems to gather relevant background material about the system/application and setting up interviews for information gathering.
• Conducting remote/in-person interviews with system owners/vendors to get all the required information for assessment and to identify any gaps.
• Reviewing system-related material including specifications, diagrams, requirements, and test plans to ensure security-related standards are followed.
• Reviewing results with system owners/vendors and Senior Security Architecture Analysts, as needed. - Conducting security assessments using available documentation.
• Creating comprehensive security architecture assessment reports that clearly identify root-cause and remediation strategies.
• Developing and establishing global security standards and processes.
• Evaluating new and emerging products and technologies while making recommendations concerning the introduction of new technologies

• 3+ years of experience in Security Architecture Assessment.
• Bachelor's degree in Information Systems Security or Computer Science

• Minimum of one professional certification amongst CISSP, SSCP, and CISM with good standing will be an added advantage.
• Excellent verbal and written communications skills, including presentations to clients and senior technical resources.
• Ability to manage expectations and handle high-pressure situations with tight deadlines.
• Experience in an information security (application and/or infrastructure) role in an enterprise environment.
• Ability to explain common application vulnerabilities and remediation strategies to developers.
• Ability to explain technology risks; including XSS, CSRF, Injection attacks introduced by application vulnerabilities to a system's Business Owner.
• Ability to quickly adapt to changing priorities and demands.
• Excellent security knowledge (access control) of one or more applicable security technologies or platforms including SSO (Single Sign-On) technologies like SAML2.0 and Kerberos.
• Excellent knowledge of information security processes, response procedures, and various attack methods used for information theft or network intrusion.
• Excellent analytical and problem-solving skills.
• Excellent knowledge of network technologies as they pertain to communications, computer system environments, and related infrastructures.
• Excellent research ability and knowledge update on the security trends and attacks, following OWASP top 10 security understanding.