AQIII - Quebec Association of IT Freelancers

Member profile

Claude L'Arrivée

Business name:
Services de consultation Minerva consulting services

Nov. 1, 2018
Analyst / Advisor
Experience year(s):
Change Management Consultant, Business Analyst, Process Analyst, Quality Assurance Analyst / Test, Systems Analyst, Security Analyst, Business Continuity Planning (BCP) Consultant, Implementation Consultant, Infrastructure Consultant, Methodology Consultant, Telecommunications / Networks Consultant, Telephony Consultant, Strategic Consultant
Experience year(s):
Business Architect, Enterprise Architect, Network Architect, Security Architect, Information Systems Architect, Technology Architect
Project management / PCO
Experience year(s):
Management - Project, Management - Project Coordinator, Management - Program Director, Management - Project Manager, Management - IT Director, Management - Project Management Office (PMO)
Other expertise
Experience year(s):
General Practitioner

Claude L’Arrivée possesses more than 30 years of combined working experience and academic credentials in the information technology industry, with CISSP, CISA, CRISC and ITIL(F) certifications and extensive experience in the areas of information security governance, policies and controls, security architecture, risk management, compliance and security audit, and project management.

He is looking for the opportunity to contribute to the cyber security needs of your organization in a senior role by defining and implementing security governance, formulating security strategies, designing an enterprise security framework and architecture, and performing security audits and risk assessments in line with your industry and best practices.

Mr. L’Arrivée’s impressive list of both private and public clientele speaks volumes regarding his credibility. He possesses a tried and tested ability to take on a senior role in information security while considering and executing business process transformation to generate focused, accountable, measurable and profitable security initiatives that are of the highest caliber.

His expertise and experience include but are not limited to:

o Governance, frameworks and standards: Cloud Capability Matrix (CCM), ISO (27001, 27002, 27011, 9001), COBIT, NIST SP 800-53, SOX, PCI-DSS v3.x, HIPAA, NERC-CIP v.3 and v.5, System/Software Development Life Cycle (SDLC), ITIL, ISO 20000 (ITSM), WLA.
o Performing critical Information security tasks such as:
• Cloud security: Risk management, threat and risk assessment, and audit in compliance with security requirements.
• Business Continuity / Disaster Recovery planning: ISO 22301 / BS 25999.
• Risk Management conducted in accordance with: ISO 27005 (ISMS) and 31000, NIST SP-800-30, OWASP risk rating methodology, COSO, Government of Canada Harmonized TRA methodology, and statistical risk models.
• Compliance and IT Audit, Certification & Accreditation (C&A) conducted in accordance with: SOC I and II/Type I and II, SSAE16 and ISAE 3402 reports and audits, CMMI, ISO 27004, 27007 (ISMS), ISO 15504.
• Developing and delivering Information security awareness and training programs.
o Enterprise security architecture:
• TOGAF and SABSA architecture frameworks and methodologies.
• Multi-tier application security: Understand how to secure all layers of an n-tier application. This includes applications incorporating Web services and Thin Client infrastructure/architecture.
• Platforms: Knowledge of primary operating systems (Windows, Linux, Unix), the configuration and management of these platforms at an enterprise scale, the security risks associated with these platforms, and how to mitigate those risks.
• Network security:
➢ Understand the standard network model and the risks present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, and load-balancers, and network architecture.
➢ OSI and TCP-IP network architectural models complemented with workplace experience in troubleshooting different layers of the models.
o Incident management: develop security incident response plans and processes to address security incidents or violations effectively, system monitoring, incident prevention, detection, response, recovery, and restoration.
o SME: Security-related topics such as cloud computing, mobility, vendor management, authentication mechanisms, data privacy-protection-validation checking, encryption, hashing, principles of least privilege and segregation of duties, software attack methodologies, physical and environmental security, social engineering, awareness and training, etc.
o Administrative and managerial duties, financial resources management.

Abitibi-Témiscamingue, Other - International, Other - Rest of Canada (ROC), Other - Telework, Bas-Saint-Laurent, Centre-du-Québec, Chaudière-Appalaches, Côte-Nord, Estrie, Gaspésie–Îles-de-la-Madeleine, Lanaudière, Laurentians, Laval, Mauricie, Montérégie, Montreal - Downtown, Montreal - East, Montreal - North, Montreal - West, Nord-du-Québec, Outaouais - Gatineau, Quebec - North Shore, South Shore of Montreal, Saguenay-Lac-Saint-Jean