Information Security Compliance Analyst
Toronto, Ontario
3d ago


Role : Information Security Compliance Analyst

Reporting to : VP of Security and Compliance

Introduction :

Pivotree architects, builds, hosts and manages a wide range of commerce experiences for well-known domestic and global brands.

Customers turn to Pivotree as their trusted partner when they want to grow revenue, increase online and in-store traffic, improve customer experience, grow a loyal customer base, achieve operational efficiencies, and earn higher profits.

Pivotree is a privately held, venture-backed company with an aggressive growth objective, including strategic acquisitions.

2018 was a transformational year for Pivotree with the combination of three existing businesses in this sector : Tenzing, ThinkWrap and Spark : Red.

Our combined team is made up of a diverse blend of engineers, solution architects, programmers, UI developers, project managers and analysts who work together to create and manage next-generation commerce excellence.

We hold ourselves to the very highest standards and our employees take great pride in our accomplishments.

Position Summary :

We are currently seeking an Information Security Compliance Analyst to join our growing team. The Information Security Compliance Analyst will be responsible for helping to maintain and administer information security policies, standards, procedures, and associated controls, and for supporting internal and external audits, assessment of policies and controls, and risk identification and analysis.

The Information Security Compliance Analyst will participate in the on-call rotation and after-hours work as necessary.

Roles & Responsibilities :

  • Perform activities to help measure and monitor compliance with company policies, standards, and procedures
  • Risk Management
  • Plan and perform recurring security control assessments across company departments, business units and operational locations
  • Facilitate customer and auditor / assessor requests and information gathering for audit activities and provide support for onsite audits.
  • Support security compliance initiatives and assessments, including responses to client security organization audits and questionnaires
  • Assist with successful completion of vendor risk assessment activities
  • Contribute to enhancing our GRC tool and processes to meet compliance business needs
  • Support daily work for Pivotree’s risk program, such as :
      • Intake, triage, and analysis of risks
      • Partner with risk owners to create and achieve risk treatment plans
      • Ensure completeness and accuracy of the Risk Register
      • Drive risk acceptances
      • Manage JIRA backlog for risk items

  • 2-3 years of increasing responsibility in IT risk management, information security or a compliance-related field
  • Knowledge of IT risk assessment methodologies and frameworks such as NIST 800-30r1 and ISO 31000
  • Knowledge of IT security and compliance standards including PCI, ISO 27001 / 27002, and SOC1 / SOC2
  • Prior experience with GRC applications
  • Ability to interpret information security data and processes to identify potential risks
  • Ability to work within a globally distributed organization
  • Excellent time management skills including the ability to prepare, organize priorities independently, and complete work plans
  • Excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across a broad group
  • Ability to clearly and effectively communicate risks, information security and compliance matters to executives, auditors, and end users
  • CISA, CRISC or other relevant professional certification preferred