Want to join one of Canada’s Top Employers for Young People and a firm that is proud to be named one of Canada’s Best Diversity Employers?
This is an opportunity for you to join the world’s largest law firm, a firm that offers opportunities to build your career while growing your skills and deepening your expertise.
We have an immediate opportunity for a Compliance Analyst to join our team!
Reporting to the North America Information Security Manager, the Compliance Analyst will coordinate and support governance and security efforts in collaboration with other key stakeholders in the business. This position will help identify and operationalize risk management initiatives and standards that need to be applied to the operating environment. Key functional areas of the position include initiatives governing the Firm’s client and administrative data / information in accordance with ethical, legal and contractual requirements.
• Review client Information Security requirements, questionnaires and assessments and prepare responses.
• Organize and maintain the client interaction library, including requests, final responses and associated artifacts.
• Maintain a control matrix, mapping NIST/ISO controls frameworks and client requirements.
• Help develop, maintain, evaluate and implement policies and procedures in line with both business requirements and national and international legislative changes (i.e. ISO 27001/22301, HIPAA processes and procedures).
• Maintain an inventory of improvement opportunities and action items; prepare periodic reports on trends and compliance.
• Maintain governance inventories such as client security notification requirements.
• Review and track ad-hoc client notifications and requests related to Information Security (e.g. vulnerability notifications, ad-hoc control validation requests).
• Collaborate with the Risk Management and IT teams on implementation of security controls required by clients, such as access restrictions.
• Assist with the Third-Party Risk Management program; enhance vendor and cloud service provider inventories, collect risk artifacts such as SOC2 reports.
• Assist with general Information Security program improvements (e.g. awareness communication, projects and enhancements to policies and procedures).
• Other duties as assigned based on the ongoing evolution of the Information Security program.
Experience & Qualifications:
• Minimum of 5 years’ experience in an Information Security role.
• Understanding of Information Security controls, governance principles and standards/frameworks such as NIST CSF or ISO 27001.
• Strong written and oral communication skills. Experience responding to audits, RFPs and regulatory/supplier/outsourcer/subcontractor assessments is an asset.
• Ability to prioritize and work effectively under pressure.
• Ability to work both independently and in a team-oriented, collaborative environment.
• Demonstrate good critical thinking, analytical, and problem-solving skills.
• Knowledge of cross-border regulations, such as GDPR and EU data privacy rules, is a plus.
• Understanding of the compliance, legal and ethical obligations that organisations should have with respect to logical and physical security, personally identifiable information and data protection.
• Industry certification such as CISSP, CISA, CISM or CRISC is an asset.
*We thank all applicants who apply; only candidates selected for an interview will be contacted.
Equal Opportunity Statement