Information Security Compliance Analyst (12 Month Contract)

D2L

  • Kitchener, ON
  • Contract
  • Full-time
  • 6 days ago
Job Summary:
Being the Information Security Risk and Compliance Analyst at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's security and compliance programs. You work to improve our security posture along with meaningful adoption and execution of operating controls and, in tandem, deliver on a certification strategy that enables business in new markets and sectors.
How Will I Make an Impact?
  • Assist in refining and delivering D2L's Security program and ensuring its alignment with D2L's compliance program.
  • Promote a culture of security awareness through training and knowledge campaigns across the organization.
  • Improve D2L's posture and transparency on security, privacy and compliance practices, both internally and externally.
  • Perform security risk assessments pertaining to governance, people, data, software, hardware, and cloud infrastructure.
  • Align risk mitigation strategies and plans with industry standards such as ISO 27001, NIST SP 800-53 Rev. 4 and PCI DSS.
  • Perform third party/vendor/partner security risk assessments.
  • Facilitate and manage external audits and conduct internal audits.
  • Provide security representation and responses for new deals and proposals.
  • Monitor and enforce data privacy policies in partnership with the D2L Legal team.
What you'll bring to the role:
  • In-depth knowledge of information security principles, practices, and technologies, including risk assessment, security controls, encryption, access controls, and incident response.
  • Understanding of relevant data protection and security regulations (e.g., GDPR, HIPAA, PCI DSS) and the ability to ensure the organization's adherence to these requirements.
  • Familiarity with various compliance frameworks, such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls, and the ability to apply them to assess and improve security controls in a DevOps environment.
  • Proficiency in conducting security audits, Cloud Security risk assessments, and compliance evaluations to identify vulnerabilities and ensure compliance with policies and regulations.
  • Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.
  • Competence in identifying, assessing, and prioritizing Cloud/Application/Infrastructure security risks and implementing risk management strategies.
  • The capability to evaluate complex security challenges, think critically, and make informed decisions.
Skills
  • A strong understanding of information security principles, best practices, standards (e.g., ISO 27001, NIST Cybersecurity Framework), and relevant regulations (e.g., GDPR, HIPAA).
  • Familiarity with compliance frameworks and risk assessment methodologies to identify, assess, and mitigate security risks within the organization.
  • Ability to conduct security assessments and audits to ensure compliance with internal policies and external regulations.
  • Strong analytical skills to evaluate security incidents, identify patterns, and recommend improvements to security controls and processes.
  • Knowledge of IT systems, networks, and infrastructure to understand potential security vulnerabilities and effectively assess security controls.
  • Understanding of data privacy regulations and best practices to protect sensitive information and ensure compliance with data protection laws.
  • Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.
  • Knowledge of vulnerability assessment tools and practices to identify and address potential security weaknesses.
  • Ability to design and deliver security awareness and training programs for employees to promote a security-conscious culture.
  • Effective written and verbal communication skills to articulate security risks, compliance issues, and remediation plans to both technical and non-technical stakeholders.
  • Skills to manage security compliance projects, coordinate with teams, and ensure timely completion of tasks.
  • Collaboration and teamwork are crucial for working with various departments and stakeholders to achieve compliance objectives.
Suggested Qualifications
  • A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is usually preferred
  • Minimum 4 years' experience in the Information Security field required
  • Certifications: Preferred certifications for this role may include:
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC)
  • Knowledge of Security Frameworks and Standards: Familiarity with information security frameworks and standards such as ISO 27001, ISO 27701, NIST 800-53R4, StateRAMP/FedRAMP, CSAE 3416/SSAE18; SOC1/2/3, NIST Cybersecurity Framework, GDPR, or PCI DSS is essential for ensuring compliance with relevant regulations and best practices.
  • Experience using enterprise-grade governance risk and compliance (GRC) tools.
  • You have experience performing audits, particularly in a public cloud & DevOps environment.
  • You enjoy getting to the root of a problem and exploring all possible solutions
  • You have experience building, managing and securing large enterprise, web-scale and serverless environments.
  • You have a passion for exploring modern technologies and patterns to maintain our customers' privacy and confidentiality and protect D2L's intellectual property.
Note: this is a fixed-term contract with a duration of 12 months.