McMillan LLP

Information Security & Governance Analyst

McMillan LLP Toronto, Ontario, Canada

Your Next Opportunity

Would you like to be a part of Canada’s leading and progressive Business Law firm?

McMillan has an exciting opportunity as an Information Security & Governance Analyst based in Toronto. You will be part of a team managing the Firm’s Information Security program in accordance with risk and client security requirements.

McMillan LLP is proud to be recognized as one of only two law firms selected for this year’s prestigious Canada’s Top 100 Employers 2024 list by MediaCorp Inc., as announced in the Globe and Mail. McMillan has been recognized for its inclusive HR practices, including comprehensive employee support programs for parents, a culture that values diversity and inclusion, and career development opportunities for women, with 71% of managers at McMillan being women. These initiatives are part of the firm’s broader strategy to ensure a supportive and engaging work environment, which has been instrumental in attracting and retaining top legal talent. By fostering a supportive workplace culture, McMillan serves clients with excellence and responsiveness, delivering the real-time solutions they need to stay ahead.

What You'll Do

As a national business law firm, we are often asked by our clients to review Information Security requirements and respond to security assessments. You will be involved in a wide range of activities, including:

  • Support the Risk Management team and the IT team in reviewing, managing and tracking clients’ information security, technical and notification requirements.
  • Prepare responses for client questionnaires and assessments. Support external audits, risk assessments, and gap analysis, including coordinating internal teams, answering questions, and providing evidence to demonstrate compliance with client requirements and industry standards.
  • Organize and maintain the client interaction library, including requirements, requests, responses, associated artifacts, and action items.
  • Manage internal compliance initiatives, including policy review, gap analysis, access rights audit, ISO internal audit, and collaborate with internal teams on security control implementations.
  • Develop and maintain policies, standards, guidelines, and procedures that meet compliance requirements and effectively respond to and mitigate security risks. Support the development and testing of the Business Continuity Plan and Disaster Recovery Plan.
  • Manage the Third-Party Risk Management program; maintain and enhance vendor and service provider inventories; collect, monitor, and flag risk artifacts.
  • Prepare periodic reports on trends and compliance. Continuously monitor and evaluate the effectiveness of internal security controls, and make improvements that adapt to evolving security threats and compliance requirements.
  • Assist in the development and implementation of the annual Privacy and Information Security training, internal phishing campaigns, and the Change Advisory Board meetings, where all technology changes are presented and discussed.
  • Perform other duties as assigned based on the ongoing evolution of the Information Security program.

While good written and verbal communication skills are essential for this role, it does not require hands-on technical experience. We welcome candidates who are building their careers and looking to gain broad experience working on various security, risk and compliance topics.

What You Bring

The ideal candidate will have a University Degree or equivalent work experience in Information Security, Technology, Technical Writing or Training, Operational Risk Management, Compliance, Supplier Risk Management, Privacy, Business Continuity or Technology Audit areas. Experience working in the legal services industry or at a consulting firm is an asset.

  • You have a good understanding of Information Security controls, governance principles, and standards/frameworks such as NIST CSF or ISO 27001.
  • You have strong written and oral communication skills. Experience responding to audits, RFPs and regulatory/supplier/outsourcer/subcontractor assessments, or managing SOC2 or PCI compliance assessments is an asset.
  • You are able to prioritize and work effectively under pressure.
  • You are comfortable working both independently and in a team-oriented, collaborative environment.
  • You demonstrate good critical thinking, analytical, and problem-solving skills.
  • An industry certification such as CISSP, CISA, CISM, or CRISC is an asset.

McMillan Offers You

Growth

Mentorship and Support

Training as Software Evolves

Commensurate Compensation And Benefits Package

Fun Work Environment

McMillan = You

At the heart of our commitment to being a first-mover on important issues, McMillan believes that equity, diversity and inclusion are catalysts for success. By embracing our differences, we create an inclusive culture that enriches our collective knowledge, broadens our perspectives, and propels us forward. We are dedicated to fostering an environment where everyone feels empowered to bring their whole selves to work, knowing it is through our individual experiences that we can all come together to truly make a positive impact in our firm, for our clients, within our communities, and beyond.

At McMillan, we know we will achieve the most success by attracting and retaining the best talent, and by representing and supporting communities from which we draw our members, the communities in which we live and work and the communities to which we provide legal services.

We are a law firm that prides itself on sustained quality and excellence in service while fostering a positive and collegial work environment that nurtures mentoring and inspires enthusiasm and professional excellence. We commit to putting our best efforts forward in achieving our goals, and the goals of our clients. You can help us in that journey!

Need another reason to consider McMillan? Let’s work together to help you achieve your professional goals and career development.

Let’s get started

If this position is for you, and you reside in or around the Toronto area, we look forward to hearing from you. We like cover letters too so don’t forget to include one along with your resume when you click on the Apply Now button.

McMillan is committed to providing accommodation for applicants with disabilities in its recruitment processes. If you require accommodation at any time during the recruitment process, please email us or contact us at 1.888.622.4624 to submit your accommodation request.

McMillan LLP is committed to fostering a culture of inclusion and diversity. We respect and embrace the unique backgrounds, perspectives and experiences of individuals at all levels of the firm. This enables us to provide innovative client service, contribute fully to our communities and advance our firm’s values.

  • Seniority level: Entry level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: Law Practice
