Information Security Compliance Analyst
People Management: No
Travel Required: No
Location: Markham, Ontario, Canada
Join our Team:
DecisivEdge is a Company of talented consultants dedicated to identifying and addressing our Customer’s most pressing opportunities. We have offices in three geographies, Newark, Delaware, United States, Markham, Ontario Canada, and Magarpatta, Pune, India. Our capabilities include optimizing operational business processes, application development, data management, analytics, and business intelligence which we leverage to enable digital transformations in financial services and healthcare. Our Company has developed and commercialized several solutions in a variety of industries including financial services, healthcare, and marine management.
We are looking for an Information Security Compliance Analyst. A team member who is interested in and will take pride in evolving the Company’s culture of providing a great experience to our employees across our three geographic locations, and a secure, scalable, and reliable service to our clients. A contributor who will be a part of our solutions.
This role is based in our Markham, Ontario offices conveniently located near Highways 404 and 407. We are focused on team participation and commit to working a Full-Time schedule in our Markham office.
The Information Security Compliance Analyst will be part of a professional, friendly, and fun-loving team that prioritizes its corporate culture focused on four foundational core values:
- Put Integrity First
- Think “We” not “Me”
- Be Passionate
- Execute Flawlessly
Who We Need:
The Information Security Compliance Analyst provides guidance on the company’s policies, procedures, and risk tolerance. They will be responsible for maturing, administering, and implementing security practices across the organization to maintain a stable and secure environment to support business activities. Additionally, they will validate proper implementation and compliance with controls and interface with all third-party audits and due diligence requests such as vendor reviews and industry certifications. Using risk-based thought leadership to define security and resource investments supported by appropriate controls to manage technology investment, information security, and cybersecurity risks.
What You’ll Do:
Develops and executes the Company’s Information Security strategies
- Ensures risk assessments are conducted to evaluate information and cybersecurity risk relating to the operating effectiveness of controls/mitigations
- Monitors and ensures DecisivEdge technology and operational processes remain in compliance with regulatory guidance, laws, and regulations.
- Monitors and tests information and cybersecurity controls; uses metrics and information to provide assurance of adherence to policies, procedures, and standards.
- Provides guidance and expertise for information and data protection, including participation in new initiatives/projects, third-party/vendor assessments, disaster recovery, and business continuity planning.
- Lead efforts and communicate with leadership in the event of information security breaches/incidents
- Lead the company response to technology or industry alerts and emerging risks that may have an impact on security while maintaining vigilance through routine information security-related exercises.
- Identifies, analyzes, and implements changes to the Company’s policies, procedures, standards, and guidelines.
- Ensures an effective information security training program to promote and communicate awareness throughout the entire organization.
- Facilitates regulatory and other external examinations relating to information security and cybersecurity validations such as SOC or ISO audits.
Delivers client billable consultancy services
- Demonstrates subject area expertise and commitment to client success.
- Develops an understanding of client requirements and uses a logical thought process to develop cutting-edge solutions.
What You’ll Need:
- CISA, CISM, CRISC or equivalent certification preferred
- Working knowledge of SOC and HIPAA objectives and deliverables
- Experience evaluating and defining privacy controls within software applications with respect to GDPR, CCPA, and other emerging state regulations
- Requires solid knowledge of laws and regulations relating to information security within both the Banking and Healthcare industries.
- Hands-on experience implementing security frameworks and implementing policies and standards based on NIST, ISO, CIS, or ISACA derivative works.
- Experience with carrying out Corrective Action Preventive Action plans
- Experience conducting risk assessment and risk mitigation reviews.
- Technical understanding of Identity and Access Management, Endpoint Security, Network Security, and Vulnerability Management.
- Technical understanding of risks caused by cloud technology and services consumption to business operations.
- Strong technical foundation across various Operating Systems (Windows/Linux)
What We Offer:
- A competitive compensation package
- Health, dental, and vision coverage
- Paid life insurance and long-term disability coverage
- Empowered Company culture
- Paid professional development
- Recognition programs
- Open-door policy
- Diverse team makeup
- Participation in Company sponsored charitable causes