Security Analyst

• Governance, Risk, and Compliance (GRC)
  • Develop, implement, and maintain GRC policies, procedures, and controls aligned with regulatory requirements (SOC2, ISO27001, GDPR, CCPA, etc.).
  • Lead or assist with security and privacy audits, ensuring compliance with industry standards.
  • Perform risk assessments to identify, evaluate, and mitigate risks across the organization.
  • Work closely with various departments to ensure proper implementation of controls and to manage security risks.
  • Maintain and update the GRC management system to track compliance efforts, manage risks, and report progress to senior leadership.
  • Prepare and assist in security and privacy-related questionnaires and vendor risk assessments.
  • Stay up-to-date with regulatory changes and industry best practices to ensure the organization remains compliant.
• Incident Response and Security Operations:
  • Support the security team in responding to security incidents, including investigation, containment, and remediation of incidents.
  • Monitor and analyze security events from various systems and tools (SIEM, IDS/IPS, firewalls) to detect suspicious activity.
  • Conduct post-incident analysis to determine root cause and implement preventive measures.
  • Develop and improve incident response playbooks and processes to ensure efficient and timely handling of security incidents.
  • Assist with vulnerability assessments and penetration testing efforts, working with internal and external teams to prioritize remediation.
• Security Awareness and Education:
  • Develop and deliver training programs to educate staff on security and privacy best practices, including data protection and incident handling.
  • Conduct regular phishing simulations and social engineering tests to ensure employee readiness.
• Documentation and Reporting:
  • Create and maintain accurate documentation for all GRC initiatives, incident response procedures, and remediation efforts.
  • Prepare detailed reports for senior management on the state of security, including compliance gaps, risk profiles, and incidents.
  • Provide clear and concise updates on ongoing risk assessments, audits, and security metrics.
• Collaboration:
  • Work cross-functionally with IT, legal, and business units to ensure proper alignment on GRC and security measures.
  • Collaborate with external auditors, regulators, and clients to demonstrate compliance and resolve any findings.

What we're looking for ... 

• Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
• 2-5 years of experience in a similar role, focusing on GRC, privacy, or security operations.
• Experience with compliance frameworks such as SOC2, ISO27001, NIST, GDPR & CyberEssentials.
• Familiarity with incident response processes, security controls, and risk management.
• Hands-on experience with security tools and platforms, such as SIEM, vulnerability management tools, and compliance management software.
• Certifications such as CISSP, CISA, CISM, or equivalent would be an asset.
• Knowledge of data privacy regulations, including GDPR, CCPA, etc.
• Strong analytical and problem-solving skills, with the ability to manage multiple tasks simultaneously.
• Excellent communication skills, both written and verbal.

The compensation for this role offers a range from $72,805 - $103,305 CAD. The final offer will be determined based on the candidate's experience and expertise, as assessed during the interview process.