Information Security Compliance Analyst

The Information Security Compliance Analyst supports the Manager, Identify & Protect in the design, implementation, operation, and continuous improvement of the organization’s information security compliance program.

Requirements

• Support the development, maintenance, and implementation of information security policies, procedures, standards, and guidelines.
• Assist in monitoring and ensuring compliance with applicable data protection laws and regulations.
• Perform security compliance assessments, control testing, and evidence collection to identify gaps or deficiencies.
• Support internal and external audits by coordinating evidence requests, preparing documentation, and tracking remediation activities.
• Assist with risk assessments by identifying information security risks, documenting findings, and supporting mitigation efforts.
• Track, monitor, and report on information security compliance issues, corrective actions, and remediation progress.
• Maintain compliance documentation, registers, metrics, and dashboards to support reporting and governance needs.
• Collaborate with IT, Legal, Privacy, and business stakeholders to support consistent implementation of security and compliance requirements.
• Monitor regulatory changes and emerging security threats that may impact compliance obligations.
• Support training and awareness activities related to information security policies, standards, and compliance requirements.
• Help ensure third-party and contractual information security requirements are documented and supported through evidence collection and reviews.
• Participate in reviews to identify root causes of noncompliance and support development of corrective and preventive actions.
• Support monitoring, measurement, and reporting of the effectiveness and efficiency of information security controls.
• Promote information security and compliance practices as part of the organization’s culture.