The Security Analyst is responsible for GRC policies, incident response, and security operations to maintain compliance and mitigate risks.
Xello is looking for a Security Analyst
Who are you?
Who are you?
You are a dedicated security professional who thrives in environments where Governance, Risk, and Compliance (GRC) intersect with hands-on security operations. You excel at developing and implementing robust policies and procedures aligned with industry standards such as SOC2, ISO27001, and GDPR. Your proactive approach to risk assessment, incident response, and collaboration ensures that your organization remains compliant, resilient, and ahead of emerging threats.
You possess a strong understanding of regulatory requirements and privacy frameworks, and you stay current with industry best practices. You’re not just knowledgeable about compliance and security tools (SIEMs, IDS/IPS, vulnerability management platforms); you’re adept at using them to identify, assess, and mitigate risks. You’re skilled in creating actionable strategies for security awareness, educating your peers, and ensuring that everyone in the organization has the knowledge to uphold strong security practices.
With a proven track record in incident response, you are calm under pressure, methodical in analyzing threats, and decisive in implementing remediation plans. Your ability to work cross-functionally with IT, legal, and business units, coupled with your excellent communication skills, ensures that stakeholders are aligned on security and GRC goals.
Above all, you are committed to fostering a culture of security and compliance, viewing them not as checkboxes but as opportunities to strengthen the organization. Your work contributes to building trust with clients, external auditors, and regulators, ensuring the organization’s long-term success in a rapidly evolving digital landscape.What you'll do ...
You possess a strong understanding of regulatory requirements and privacy frameworks, and you stay current with industry best practices. You’re not just knowledgeable about compliance and security tools (SIEMs, IDS/IPS, vulnerability management platforms); you’re adept at using them to identify, assess, and mitigate risks. You’re skilled in creating actionable strategies for security awareness, educating your peers, and ensuring that everyone in the organization has the knowledge to uphold strong security practices.
With a proven track record in incident response, you are calm under pressure, methodical in analyzing threats, and decisive in implementing remediation plans. Your ability to work cross-functionally with IT, legal, and business units, coupled with your excellent communication skills, ensures that stakeholders are aligned on security and GRC goals.
Above all, you are committed to fostering a culture of security and compliance, viewing them not as checkboxes but as opportunities to strengthen the organization. Your work contributes to building trust with clients, external auditors, and regulators, ensuring the organization’s long-term success in a rapidly evolving digital landscape.What you'll do ...
- Governance, Risk, and Compliance (GRC)
- Develop, implement, and maintain GRC policies, procedures, and controls aligned with regulatory requirements (SOC2, ISO27001, GDPR, CCPA, etc.).
- Lead or assist with security and privacy audits, ensuring compliance with industry standards.
- Perform risk assessments to identify, evaluate, and mitigate risks across the organization.
- Work closely with various departments to ensure proper implementation of controls and to manage security risks.
- Maintain and update the GRC management system to track compliance efforts, manage risks, and report progress to senior leadership.
- Prepare and assist in security and privacy-related questionnaires and vendor risk assessments.
- Stay up-to-date with regulatory changes and industry best practices to ensure the organization remains compliant.
- Incident Response and Security Operations:
- Support the security team in responding to security incidents, including investigation, containment, and remediation of incidents.
- Monitor and analyze security events from various systems and tools (SIEM, IDS/IPS, firewalls) to detect suspicious activity.
- Conduct post-incident analysis to determine root cause and implement preventive measures.
- Develop and improve incident response playbooks and processes to ensure efficient and timely handling of security incidents.
- Assist with vulnerability assessments and penetration testing efforts, working with internal and external teams to prioritize remediation.
- Security Awareness and Education:
- Develop and deliver training programs to educate staff on security and privacy best practices, including data protection and incident handling.
- Conduct regular phishing simulations and social engineering tests to ensure employee readiness.
- Documentation and Reporting:
- Create and maintain accurate documentation for all GRC initiatives, incident response procedures, and remediation efforts.
- Prepare detailed reports for senior management on the state of security, including compliance gaps, risk profiles, and incidents.
- Provide clear and concise updates on ongoing risk assessments, audits, and security metrics.
- Collaboration:
- Work cross-functionally with IT, legal, and business units to ensure proper alignment on GRC and security measures.
- Collaborate with external auditors, regulators, and clients to demonstrate compliance and resolve any findings.
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
- 2-5 years of experience in a similar role, focusing on GRC, privacy, or security operations.
- Experience with compliance frameworks such as SOC2, ISO27001, NIST, GDPR & CyberEssentials.
- Familiarity with incident response processes, security controls, and risk management.
- Hands-on experience with security tools and platforms, such as SIEM, vulnerability management tools, and compliance management software.
- Certifications such as CISSP, CISA, CISM, or equivalent would be an asset.
- Knowledge of data privacy regulations, including GDPR, CCPA, etc.
- Strong analytical and problem-solving skills, with the ability to manage multiple tasks simultaneously.
- Excellent communication skills, both written and verbal.
The compensation for this role offers a range from $72,805 - $103,305 CAD. The final offer will be determined based on the candidate's experience and expertise, as assessed during the interview process.
Top Skills
Ccpa
Gdpr
Ids/Ips
Iso27001
Nist
SIEM
Soc2
Vulnerability Management Platforms
Similar Jobs
_0.png)
Productivity • Software • Conversational AI
Responsible for enhancing security enablement across Twilio by implementing Security Champions Program and collaborating with teams to improve security practices.
Top Skills:
CybersecurityInformation Security
Big Data • Fintech • Mobile • Payments • Financial Services
Responsible for leading programs and coordinating teams at Affirm to improve business processes using data-driven strategies and metrics.
Top Skills:
SQL
Big Data • Fintech • Mobile • Payments • Financial Services
Lead the Product Management team for Customer Servicing, focusing on improving consumer interactions through research, AI, and streamlined workflows.
Top Skills:
AIAutomationData AnalysisSoftware
What you need to know about the Ottawa Tech Scene
The capital city of Canada and the nation's fourth-largest urban area, Ottawa has proven a rapidly growing global tech hub. With over 1,800 tech companies, many of which are leaders in their sectors, the city's tech talent now makes up more than 13 percent of its total workforce. This growth is driven not only by the big players like UL Solutions and Dropbox, but also by a thriving startup ecosystem, as new businesses emerge to follow in the footsteps of those that came before them.
