At Cotality, we are driven by a single mission—to make the property industry faster, smarter, and more people-centric. Cotality is the trusted source for property intelligence, with unmatched precision, depth, breadth, and insights across the entire ecosystem. Our talented team of 5,000 employees globally uses our network, scale, connectivity and technology to drive the largest asset class in the world. Join us as we work toward our vision of fueling a thriving global property ecosystem and a more resilient society.
Cotality is committed to cultivating a diverse and inclusive work culture that inspires innovation and bold thinking; it's a place where you can collaborate, feel valued, develop skills and directly impact the real estate economy. We know our people are our greatest asset. At Cotality, you can be yourself, lift people up and make an impact. By putting clients first and continuously innovating, we're working together to set the pace for unlocking new possibilities that better serve the property industry.
Job Description:
Lieu : Hybride*, Montréal, Québec (*Vous devez être en mesure de vous déplacer au bureau de Montréal pour des rencontres en personne lorsque demandé.)
Relève de : Directeur principal, Sécurité de l'information
À propos du rôle
Nous recherchons un analyste en sécurité de l’information pour rejoindre la fonction de sécurité et de conformité d’une organisation de développement de logiciels de premier plan opérant dans un secteur hautement réglementé. Ce rôle est conçu comme un point d'entrée vers un parcours de leadership à long terme. Grâce à une formation structurée et à une exposition aux cadres de conformité, à la réponse aux incidents et à la gouvernance des fournisseurs, vous acquerrez les compétences et l'expérience nécessaires pour évoluer vers des postes de direction en sécurité.
Vous commencerez par des responsabilités concrètes en matière de gouvernance, de risque, de conformité et d'opérations techniques, tout en développant votre sens des affaires et vos compétences en communication interfonctionnelle. Ce rôle exige à la fois des capacités techniques et l'ambition d'évoluer pour devenir un conseiller de confiance auprès des dirigeants des secteurs affaires et technologies.
VOS RESPONSABILITÉS
Opérations GRC (Gouvernance, Risque et Conformité)
- Aider au maintien des contrôles de conformité et de la documentation basés sur les cadres ISO 27001, ISO 27017, ISO 27034, ISO 22301 et NIST.
- Participer aux audits internes et externes pour l'obtention de certifications.
- Réaliser des auto-évaluations et remplir des questionnaires pour les parties prenantes.
- Évaluer et suivre les risques liés aux fournisseurs, en soutenant la diligence raisonnable et la gouvernance.
- Maintenir les métriques et les rapports destinés à éclairer la prise de décision de la direction.
Opérations de sécurité
- Participer à la modélisation des menaces et aux évaluations des risques techniques.
- Maintenir les guides opérationnels, les registres d'incidents et la documentation technique de sécurité.
- Suivre les changements technologiques et soutenir la gouvernance de la gestion du changement.
- Contribuer à la détection, à la classification et à la coordination de la réponse aux incidents.
- Aider aux enquêtes et à la documentation des incidents de sécurité.
- Participer aux tests de continuité des affaires et de plans de relève informatique (DRP).
- Contribuer au maintien des indicateurs de sécurité sur Hyperproof.
Gestion des identités et des accès
- Réviser et documenter les droits d'accès des utilisateurs, en soutenant l'application du principe du moindre privilège.
- Aider aux audits d'accès périodiques et à la gestion du cycle de vie des utilisateurs.
Inventaire des actifs
- Maintenir les inventaires des appareils, des applications et des comptes.
- Suivre les changements technologiques et soutenir la gouvernance de la gestion du changement.
---------------------------------------------------------------------------------------------------------------------
Location: Hybrid*, Montreal, Quebec (*You must be able to be located close enough to Montreal to meet in person at the office when requested.)
Reports to: Senior Principal, Information Security
About the Role
We are seeking an Information Security Analyst to join the security and compliance function of a leading software development organization operating in a highly regulated industry. This role is designed as an entry point into a long-term leadership track. With structured training and exposure to compliance frameworks, incident response, and vendor governance, you will gain the skills and experience needed to grow into future senior security leadership.
You will begin with hands-on responsibilities across governance, risk, compliance, and technical operations, while also building business acumen and cross-functional communication skills. This role requires both technical capability and the ambition to evolve into a trusted advisor for business and technology executives.
WHAT YOU’LL BE DOINGGRC Operations- Assist in maintaining compliance controls and documentation based on ISO 27001, ISO 27017, ISO 27034, ISO 22301 and NIST frameworks.
- Participate in internal and external audits for certification.
- Performs self-assessments and completes questionnaire for stakeholders.
- Assess and track vendor risks, supporting due diligence and governance.
- Maintain metrics and reporting that inform executive decision-making.
- Participates in threat modeling and technical risk assessments.
- Maintains runbooks, incident registries, and technical security documentation.
- Track technology changes and support change management governance.
- Contribute to incident detection, classification and response coordination.
- Assist in investigations and documentation of security incidents.
- Participate in business continuity and DRP testing.
- Contribute to maintaining security metrics on Hyperproof.
- Review and document user access rights, supporting least-privilege enforcement.
- Assist with periodic access audits and user lifecycle management.
- Maintain inventories of devices, applications, and accounts.
- Track technology changes and support change management governance.
Job Qualifications:
CE QUE NOUS RECHERCHONS
Formation
- Baccalauréat en génie informatique, informatique ou dans un domaine connexe.
- Des études de cycles supérieurs en sécurité de l'information, en administration des affaires ou en science des données sont un atout.
Certifications (privilégiées ou volonté de les obtenir)
- CompTIA Security+, (ISC)² SSCP, ou certification d'entrée de gamme équivalente.
- Formation de responsable de la mise en œuvre (Lead Implementer) ou auditeur principal (Lead Auditor) ISO 27001.
- Certifications en sécurité infonuagique (ex: CCSK, AWS Certified Security).
- Intérêt professionnel à long terme pour l'obtention du CISSP, CISM ou un MBA pour le volet leadership.
Compétences techniques et professionnelles
- Familiarité avec les cadres ISO, NIST et autres référentiels de sécurité, avec une compréhension de leur application dans les industries réglementées.
- Connaissance des principes de gestion des risques et de gouvernance de la sécurité, y compris l'évaluation des risques, la sélection des contrôles et le reporting.
- Solide base en réseautage, bases de données et pratiques de développement sécurisé, avec une exposition au SaaS, à la sécurité infonuagique et aux technologies émergentes (une expérience en IA est un atout).
- Excellentes capacités d'organisation, d'analyse et de résolution de problèmes, avec une aptitude à prioriser les tâches et à assurer le suivi.
- Excellentes compétences en communication et en collaboration, capable de transmettre clairement des concepts de sécurité à des interlocuteurs techniques et non techniques.
- Intégrité, responsabilité et professionnalisme dans le traitement de dossiers sensibles.
- Curiosité et volonté d'apprendre continuellement, avec l'ambition d'évoluer vers un leadership de niveau exécutif (parcours CISO/RSSI).
https://cotalitybenefits.com/CAN/DefaultFR.aspx
Les qualifications, le lieu de résidence du candidat et l'expérience de la personne sélectionnée peuvent influencer la rémunération finale offerte.
----------------------------------------------------------------------------------------------------------------------
WHAT WE’RE LOOKING FOREducation
- Bachelor’s degree in computer engineering, Computer Science, or a related field.
- Graduate-level studies in information security, business administration, or data science are an asset.
Certifications (preferred, or willingness to obtain
- CompTIA Security+, (ISC)² SSCP, or equivalent entry-level certification.
- ISO 27001 Lead Implementer/Lead Auditor training.
- Cloud security certifications (e.g., CCSK, AWS Certified Security).
- Long-term career interest in CISSP, CISM, or MBA for leadership track
Technical & Professional Skills
- Familiarity with ISO, NIST, and related security frameworks, with an understanding of their application in regulated industries.
- Knowledge of risk management and security governance principles, including risk assessment, control selection, and reporting.
- Strong foundation in networking, databases, and secure development practices, with exposure to SaaS, cloud security, and emerging technologies (AI experience is an asset).
- Strong organizational, analytical, and problem-solving skills, with the ability to prioritize and follow through.
- Excellent communication and collaboration skills, able to convey security concepts clearly to technical and non-technical stakeholders.
- Integrity, accountability, and professionalism in handling sensitive matters.
- Curiosity and drive to continuously learn, with the ambition to grow toward executive-level security leadership (CISO track).
Additional benefits can be found here: https://cotalitybenefits.com/CAN/DefaultFR.aspx
Qualifications, location of candidate and experience of the individual ultimately selected for the position may impact the final actual offered compensation, which may vary from this range.
Annual Pay Range
89,100 - 120,000 CADThrive with Cotality
At Cotality, we offer more than just a job, we provide a benefits experience designed to support your whole self. From a flexible working model to competitive time off and standout health coverage with meaningful perks and growth opportunities, our package is built to help you thrive at work and in life.
Highlights include:
- Time off: Generous vacation accrual and 11 paid holidays, plus well-being and volunteer time off.
- Family Support: Up to 16 weeks of fully paid parental leave and a baby stipend.
- Health: Extended Healthcare and Dental plan with mental health and wellness support offerings.
- Retirement: Registered Retirement Savings Plan (RRSP) with company match.
- Financial Perks: $500 annual well-being stipend
- Extras: Recognition Rewards, Referral bonuses, exclusive discounts and more!
- Click here to see a comprehensive list of our benefit offerings.
Cotality's Diversity Commitment:
Cotality is fully committed to employing a diverse workforce and creating an inclusive work environment that embraces everyone’s unique contributions, experiences and values. We offer an empowered work environment that encourages creativity, initiative and professional growth and provides a competitive salary and benefits package. We are better together when we support and recognize our differences.
Equal Opportunity Employer Statement:
Cotality is an Equal Opportunity employer committed to attracting and retaining the best-qualified people available, without regard to race, ancestry, place of origin, colour, ethnic origin, citizenship, creed, sex, sexual orientation, record of offences, age, marital status, family status or disability. Cotality maintains a Drug-Free Workplace.
Please apply on our website for consideration.
Privacy Policy
Global Applicant Privacy Policy
By providing your telephone number, you agree to receive automated (SMS) text messages at that number from Cotality regarding all matters related to your application and, if you are hired, your employment and company business. Message & data rates may apply. You can opt out at any time by responding STOP or UNSUBSCRIBING and will automatically be opted out company-wide.
Connect with us on social media! Click on the quicklinks below to find out more about our company and associates
Top Skills
What We Do
With boundless passion and commitment, our 5,000+ team members share a singular focus: to help millions of people find, buy, and protect the homes they love. As a leading provider of gold standard data, analytics and platforms, CoreLogic enables real estate professionals, financial institutions, insurance carriers, government agencies and other housing market participants to help people make their dream of homeownership a reality.
.png)
