We are looking for an Information Security Advisor to join our Trust and Compliance team. The Information Security Advisor will be involved in the continuous improvement of the company’s security and privacy compliance posture by taking an active part in security and privacy-related audits, assessments, certifications and compliance initiatives. This includes helping ensure the company’s SaaS offerings meet and operate according to the company’s security and privacy policies, customer commitments, contractual, legal and regulatory requirements, as well as adopted security and privacy-related frameworks (e.g. ISO 27001, SOC 2, HIPAA, etc.). Working with R&D and Operations teams, the Information Security Advisor will ensure that the required administrative, technical and physical controls are identified, documented, implemented, maintained and periodically tested so that they operate effectively and efficiently across multiple product lines. Additionally, as a subject-matter expert, the Information Security Advisor will support the sales process by responding to customer due diligence inquiries and addressing security questions and concerns about the company’s products and services.
Responsibilities:
• Actively participate in compliance and certification initiatives by defining, implementing and documenting required controls, as well as monitoring and reporting on their continued operating effectiveness
• Develop, monitor and report on action plans for identified security and compliance issues
• Act as liaison with external auditors, assessors and customers on ongoing compliance and audit initiatives
• Support the sales process by working with business analysts, pre-sales engineers and technical account managers in responding to customer security, privacy and compliance questions
• Collaborate with product management, product owners, R&D, operations and project teams on the definition and implementation of security, privacy and compliance controls for our products and services
• Advise technical teams on implementation of controls to meet security best practices
• Support R&D and Operations teams in the identification and correction of any vulnerabilities or security issues identified in our products and services
• Participate in the development, review and implementation of various security policies, standards, guidelines and processes
• Contribute to risk management and vendor risk management processes
Requirements:
• Bachelor’s degree in Information Systems, Computer Science, Information Security or equivalent
• Minimum of 5 years of combined hands-on security, audit and compliance experience
• Professional certifications in the security, risk management and audit areas are highly desirable (e.g. CISSP, CRISC, CISM, CISA)
• Ability to understand and translate business needs and compliance requirements into actionable technical and administrative controls
• Keen attention to detail
• Excellent communication & documentation skills
• Strong command of the English language
• Demonstrated initiative
• Ability to plan and deliver on commitments
• Strong problem-solving and decision-making skills
Preferred skills:
• Field experience in security and/or privacy audits and/or compliance initiatives
• Experience in regulated industries
• Experience with information security frameworks such as SOC 2, ISO 27001, NIST SP 800-53 and the NIST CSF
• Familiarity with GDPR, FedRAMP, HIPAA, PIPEDA and other security and privacy-related laws, regulations and frameworks
• Experience in a SaaS environment