Information Security Compliance Analyst

Information Security Compliance Analyst

People Management: No

Travel Required: No

Location: Markham, Ontario, Canada

Join our Team:

DecisivEdge is a Company of talented consultants dedicated to identifying and addressing our Customer’s most pressing opportunities. We have offices in three geographies, Newark, Delaware, United States, Markham, Ontario Canada, and Magarpatta, Pune, India. Our capabilities include optimizing operational business processes, application development, data management, analytics, and business intelligence which we leverage to enable digital transformations in financial services and healthcare. Our Company has developed and commercialized several solutions in a variety of industries including financial services, healthcare, and marine management.

We are looking for an Information Security Compliance Analyst. A team member who is interested in and will take pride in evolving the Company’s culture of providing a great experience to our employees across our three geographic locations, and a secure, scalable, and reliable service to our clients. A contributor who will be a part of our solutions.

This role is based in our Markham, Ontario offices conveniently located near Highways 404 and 407. We are focused on team participation and commit to working a Full-Time schedule in our Markham office.

The Information Security Compliance Analyst will be part of a professional, friendly, and fun-loving team that prioritizes its corporate culture focused on four foundational core values:

• Put Integrity First
• Execute Flawlessly
• Be Passionate
• Think “We” not “Me”

Who We Need:

The Information Security Compliance Analyst provides guidance on the company’s policies, procedures, and risk tolerance. They will be responsible for maturing, administering, and implementing security practices across the organization to maintain a stable and secure environment to support business activities. Additionally, they will validate proper implementation and compliance with controls and interface with all third-party audits and due diligence requests such as vendor reviews and industry certifications. Using risk-based thought leadership to define security and resource investments supported by appropriate controls to manage technology investment, information security, and cybersecurity risks.

What You’ll Do:

Develops and executes the Company’s Information Security strategies

• Monitors and tests information and cybersecurity controls; uses metrics and information to provide assurance of adherence to policies, procedures, and standards.
• Lead the company response to technology or industry alerts and emerging risks that may have an impact on security while maintaining vigilance through routine information security-related exercises.
• Provides guidance and expertise for information and data protection, including participation in new initiatives/projects, third-party/vendor assessments, disaster recovery, and business continuity planning.
• Facilitates regulatory and other external examinations relating to information security and cybersecurity validations such as SOC or ISO audits.
• Monitors and ensures DecisivEdge technology and operational processes remain in compliance with regulatory guidance, laws, and regulations.
• Identifies, analyzes, and implements changes to the Company’s policies, procedures, standards, and guidelines.
• Ensures risk assessments are conducted to evaluate information and cybersecurity risk relating to the operating effectiveness of controls/mitigations
• Ensures an effective information security training program to promote and communicate awareness throughout the entire organization.
• Lead efforts and communicate with leadership in the event of information security breaches/incidents

Delivers client billable consultancy services

• Demonstrates subject area expertise and commitment to client success.
• Develops an understanding of client requirements and uses a logical thought process to develop cutting-edge solutions.

What You’ll Need:

• CISA, CISM, CRISC or equivalent certification preferred
• Working knowledge of SOC and HIPPA objectives and deliverables
• Experience with carrying out Corrective Action Preventive Action plans
• Experience conducting risk assessment and risk mitigation reviews.
• Strong technical foundation across various Operating Systems (Windows/Linux)
• Experience evaluating and defining privacy controls within software applications with respect to GDPR, CCPA, and other emerging state regulations
• Requires solid knowledge of laws and regulations relating to information security within both the Banking and Healthcare industries.
• Technical understanding of Identity and Access Management, Endpoint Security, Network Security, and Vulnerability Management.
• Hands-on experience implementing security frameworks and implementing policies and standards based on NIST, ISO, CIS, or ISACA derivative works.
• Technical understanding of risks caused by cloud technology and services consumption to business operations.

What We Offer:

• Health, dental, and vision coverage
• Paid professional development
• Recognition programs
• Paid life insurance and long-term disability coverage
• Participation in Company sponsored charitable causes
• Open-door policy
• Empowered Company culture
• A competitive compensation package
• Diverse team makeup