Information Security Compliance Analyst

**Information Security Compliance Analyst**

**People Management**: No

**Travel Required**: Occasional

**Location**: Markham, Ontario, Canada

**Join our Team**:
We are looking for an Information Security Compliance Analyst. A team member who is interested in and will take pride in evolving the Company’s culture of providing a great experience to our employees across our three geographic locations, and a secure, scalable, and reliable service to our clients. A contributor who will be a part of our solutions.

This role is based in our Markham, Ontario offices on sunny, green Allstate Parkway. We are conveniently located near Highway 404, with a direct connection to the Don Valley Parkway (DVP). The communities of Richmond Hill, Aurora, Newmarket, Scarborough, and north Toronto are located very close to our offices. We are focused on team participation and commit to working a Full-Time schedule in our Markham office.

The **Information Security Compliance Analyst** will be part of a professional, friendly, and fun-loving team that prioritizes its corporate culture focused on four foundational core values:

- Put Integrity First
- Think “We” not “Me”
- Be Passionate
- Execute Flawlessly

**Who We Need**:
The Information Security Compliance Analyst provides guidance on the company’s policies, procedures, and risk tolerance. They will be responsible for maturing, administering, and implementing security practices across the organization to maintain a stable, secure environment to support business activities. Additionally, they will validate proper implementation and compliance with controls and interface with all third-party audits and due diligence requests such as vendor reviews and industry certifications. Using risk-based thought leadership to define security and resource investments supported by appropriate controls to manage technology investment, information security, and cybersecurity risks.

**What You’ll Do**:
**Develops and executes the Company’s Information Security strategies**
- Assesses and analyzes vulnerabilities by identifying potential security risks in the DecisivEdge environment.
- Ensures risk assessments are conducted to evaluate information and cybersecurity risk relating to the operating effectiveness of controls/mitigations
- Monitors and ensures DecisivEdge technology and operational processes remain in compliance with regulatory guidance, laws, and regulations.
- Monitors and tests information and cybersecurity controls; uses metrics and information to provide assurance of adherence to policies, procedures, and standards.
- Provides guidance and expertise for information and data protection, including participation on new initiatives/projects, third party/vendor assessments, disaster recovery and business continuity planning.
- Lead efforts and communicate with leadership in the event of an information security breaches/incidents
- Lead the company response to technology or industry alerts and emerging risks that may have an impact on security while maintaining vigilance through routine information security-related exercises.
- Identifies, analyzes, and implements changes to the Company’s policies, procedures, standards, and guidelines.
- Ensures an effective information security training program to promote and communicate awareness throughout the entire organization.
- Facilitates regulatory and other external examinations relating to information security and cybersecurity validations such as SOC or ISO audits.

**Delivers client billable consultancy services**
- Develops an understanding of client requirements and uses a logical thought process to develop cutting edge solutions.

**What You’ll Need**:

- CISA, CISM, CRISC or equivalent certification preferred
- Working knowledge of SOC and HIPPA objectives and deliverables
- Requires solid knowledge of laws and regulations relating to information security within both the Banking and Healthcare industries.
- Hands-on experience implementing security frameworks and implementing policies and standards based on NIST, ISO, CIS, or ISACA derivative works.
- Experience with carrying out Corrective Action Preventive Action plans
- Experience conducting risk assessment and risk mitigation reviews.
- Technical understanding of Identity and Access Management, Endpoint Security, Network Security, and Vulnerability Management.
- Technical understanding of risks caused by cloud technology and services consumption to business operations.
- Strong technical foundation across various Operating Systems (Windows/Linux)

**What We Offer**:

- A competitive compensation package
- Health, dental, and vision coverage
- Paid life insurance and long-term disability coverage
- Empowered Company culture
- Paid professional development
- Recognition programs
- Open-door policy
- Diverse team makeup
- Participation in Company sponsored charitable causes