Bachelor's degree in Information Security, Computer Science, or related field.
3-5 years of experience in Information Security, focusing on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations.
Knowledge of global privacy laws such as CCPA, GDPR, PIPEDA, and LFPDPPP.
Strong understanding of security frameworks, risk management, and compliance audits.
Key responsibilities:
Develop and enforce information security policies and controls.
Conduct security audits and assessments to ensure compliance with standards like PCI DSS, SOC 2, and ISO 27001.
Support the implementation of risk management and incident response processes.
Provide privacy and security training to promote a security-conscious culture.
Celara
51 - 200 Employees
About Celara
Celara transforms your vision into reality by building elite near-shore technology teams with CTO-level expertise.
Specializing in machine learning, enterprise software, and product development, Celara is dedicated to driving innovation through high-performance teams tailored to the unique needs of our ambitious clients.
At Celara, we are more than just a service provider; we are technologists, entrepreneurs, and innovators deeply invested in your success. We build and foster elite teams aligned with your most ambitious goals. Our approach mirrors that of a CTO—focused on people, talent, structure, systems, and innovation. We are your partners in innovation, bringing deep technical expertise and a relentless drive to push the boundaries of what’s possible. We thrive on turning complex challenges into solutions, working side by side with your team to transform bold ideas into impactful realities.
Ideal for:
- VC-backed companies needing top talent to fuel growth
- Established enterprises seeking more affordable elite technology professionals
- Organizations requiring scalable tech teams with embedded strategic guidance
Join us on this journey of growth and innovation. Let's transform your visions into reality together.
We are seeking an enthusiastic Information Security Compliance and Risk Analyst ready to join a talented, hard-working, and ambitious Infosec team.
What you’ll do here
As a key contributor to our security and compliance initiatives, you will apply a deep understanding of risk management principles and a strong command of global privacy regulations.
You’ll bring hands-on experience in designing, implementing, and auditing comprehensive compliance programs aligned with leading industry standards, including PCI DSS, SOC 2, ISO 27001/27002, and the NIST Cybersecurity Framework.
In this role, you will work cross-functionally with internal stakeholders to enhance the organization’s security posture, ensure adherence to data protection requirements, and drive ongoing improvements in response to evolving regulatory and industry demands.
Responsibilities
Support the development, implementation, and enforcement of information security policies, standards, procedures, and controls to meet legal, regulatory, and contractual obligations.
Assist in evaluating the organization’s existing IT architecture against applicable security frameworks (e.g., NIST CSF, NIST 800-53) to ensure compliance and identify areas for enhancement.
Oversee and support the implementation of compliance controls and operational processes aligned with recognized security frameworks and best practices.
Plan and execute regular internal audits to ensure ongoing compliance with key security standards such as PCI DSS, SOC 2, and ISO/IEC 27001.
Enhance and maintain a comprehensive Risk Management and Incident Response framework to ensure effective identification, mitigation, and response to security threats.
Conduct audits and assessments to validate adherence to data protection policies and ensure alignment with global privacy and data protection regulations.
Design and deliver privacy and security training programs, including awareness campaigns to foster a security-conscious culture across the organization.
Monitor regulatory developments and maintain compliance with evolving privacy laws, including but not limited to CCPA, GDPR, PIPEDA (Canada), and LFPDPPP (Mexico).
Experience We’re Looking For
Bachelor's degree in Information Security, Computer Science, or a related field.
Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations.
Knowledge of privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP).
Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO-27001/2, and Cloud Security Alliance.
Strong attention to detail and the ability to work independently.
Excellent problem-solving skills with a proactive attitude toward risk mitigation.
Strong ethical standards and commitment to data security and privacy.
Nice to have
General knowledge of cloud environments.
Experience working with Governance Risk and Compliance technologies.
Experience implementing Data Privacy Technologies.
Certifications such as CISA, ITIL Expert, Certified Governance Risk and Compliance (CGRC).
Required profile
Experience
Level of experience: Mid-level (2-5 years)
Spoken language(s): English