Information Security Compliance Analyst (12 Month Contract)

Job Location

Toronto - Canada

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Job Summary:

As the Information Security Risk and Compliance Analyst at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's security and compliance programs. You work to improve our security posture along with meaningful adoption and execution of operating controls and, in tandem, delivery on a certification strategy that enables business in new markets and sectors.

How Will I Make an Impact?

  • Assist in refining and delivering D2L's Security program and ensuring alignment of these to D2L's compliance program.
  • Promote a culture of security awareness through training and knowledge campaigns across the organization.
  • Improve D2L's posture and transparency on security, privacy, and compliance practices, both internally and externally.
  • Perform security risk assessments pertaining to governance, people, data, software, hardware, and cloud infrastructure.
  • Perform alignment of risk mitigation strategies/plans to industry standards - ISO 27001/NIST SP 800-53R4/PCI DSS, etc.
  • Perform third party/vendor/partner security risk assessments.
  • Facilitate and manage external audits and conduct internal audits.
  • Provide security representation and responses for new deals and proposals.
  • Monitor and enforce data privacy policies in partnership with the D2L Legal team.

What you'll bring to the role:

  • In-depth knowledge of information security principles, practices, and technologies, including risk assessment, security controls, encryption, access controls, and incident response.
  • Understanding of relevant data protection and security regulations (e.g. GDPR, HIPAA, PCI DSS) and the ability to ensure the organization's adherence to these requirements.
  • Familiarity with various compliance frameworks such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls, and the ability to apply them to assess and improve security controls in a DevOps environment.
  • Proficiency in conducting security audits, Cloud Security risk assessments, and compliance evaluations to identify vulnerabilities and ensure compliance with policies and regulations.
  • Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.
  • Competence in identifying, assessing, and prioritizing Cloud/Application/Infrastructure security risks and implementing risk management strategies.
  • The capability to evaluate complex security challenges, think critically, and make informed decisions.

Skills

  • A strong understanding of information security principles, best practices, standards (e.g. ISO 27001, NIST Cybersecurity Framework), and relevant regulations (e.g. GDPR, HIPAA).
  • Familiarity with compliance frameworks and risk assessment methodologies to identify, assess, and mitigate security risks within the organization.
  • Ability to conduct security assessments and audits to ensure compliance with internal policies and external regulations.
  • Strong analytical skills to evaluate security incidents, identify patterns, and recommend improvements to security controls and processes.
  • Knowledge of IT systems, networks, and infrastructure to understand potential security vulnerabilities and effectively assess security controls.
  • Understanding of data privacy regulations and best practices to protect sensitive information and ensure compliance with data protection laws.
  • Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.
  • Knowledge of vulnerability assessment tools and practices to identify and address potential security weaknesses.
  • Ability to design and deliver security awareness and training programs for employees to promote a security-conscious culture.
  • Effective written and verbal communication skills to articulate security risks, compliance issues, and remediation plans to both technical and non-technical stakeholders.
  • Skills to manage security compliance projects, coordinate with teams, and ensure timely completion of tasks.
  • Collaboration and teamwork are crucial for working with various departments and stakeholders to achieve compliance objectives.

Suggested Qualifications

  • A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is usually preferred.
  • Minimum 4 years' experience in the Information Security field required.
  • Certifications: Preferred certifications for this role may include:
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC).
  • Knowledge of Security Frameworks and Standards: Familiarity with information security frameworks and standards such as ISO 27001, ISO 27701, NIST 800-53R4, StateRAMP/FedRAMP, CSAE 3416/SSAE18; SOC1/2/3, NIST Cybersecurity Framework, GDPR, or PCI DSS is essential for ensuring compliance with relevant regulations and best practices.
  • Experience using enterprise-grade governance, risk, and compliance (GRC) tools.
  • You have experience performing audits, particularly in a public cloud & DevOps environment.
  • You enjoy getting to the root of a problem and exploring all possible solutions.
  • You have experience building, managing, and securing large enterprise web-scale and serverless environments.
  • You have a passion for exploring modern technologies and patterns to maintain our customers' privacy and confidentiality and protect D2L's intellectual property.

Note: this is a fixed-term contract for a duration of 12 months.


Required Experience:

IC

Employment Type

Contract
