Salary
💰 CA$80,000 - CA$100,000 per year
Tech Stack
Cloud, Cyber Security
About the role
- Being the Information Security Risk and Compliance Analyst at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's security and compliance programs. You work to improve our security posture along with meaningful adoption and execution of operating controls and, in tandem, delivery on a certification strategy that enables business in new markets and sectors.
- Assist in refining and delivering D2L's Security program and ensuring alignment of these to D2L's compliance program.
- Promote a culture of security awareness through training and knowledge campaigns across the organization.
- Improve D2L’s posture and transparency on security, privacy and compliance practices, both internally and externally
- Perform security risk assessments pertaining to governance, people, data, software, hardware, and cloud infrastructure.
- Perform alignment of risk mitigation strategies/plans to industry standards (ISO 27001, NIST SP 800-53R4, PCI DSS, etc.).
- Perform third party/vendor/partner security risk assessments.
- Facilitate and manage external audits and conduct internal audits.
- Provide security representation and responses for new deals and proposals.
- Monitor and enforce data privacy policies in partnership with the D2L Legal team.
Requirements
- A bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field is usually preferred
- Minimum 4 years' experience in the Information Security field required
- Certifications: Preferred certifications for this role may include: CISSP, CISM, CISA, CompTIA Security+, CEH, GIAC Security Essentials (GSEC)
- Experience performing security audits, Cloud Security risk assessments, and compliance evaluations to identify vulnerabilities and ensure compliance with policies and regulations
- Experience using enterprise-grade governance risk and compliance (GRC) tools
- Knowledge of vulnerability assessment tools and practices
- You have experience performing audits, particularly in a public cloud & DevOps environment
- You have experience building, managing and securing large enterprise, web-scale and serverless environments
- You enjoy getting to the root of a problem and exploring all possible solutions
- You have a passion for exploring modern technologies and patterns to maintain our customer's privacy and confidentiality and protect D2L's intellectual property
- Knowledge of Security Frameworks and Standards: Familiarity with ISO 27001, ISO 27701, NIST 800-53R4, StateRAMP/FedRAMP, CSAE 3416/SSAE18; SOC1/2/3, NIST Cybersecurity Framework, GDPR, or PCI DSS is essential for ensuring compliance with relevant regulations and best practices.