IT Security and Compliance Specialist

The Opportunity

The IT Security and Compliance Specialist is an integral member of the IT team, responsible for developing, implementing, and managing security policies, procedures, and compliance programs. This role ensures the protection of digital assets, adherence to regulatory requirements, and effective risk mitigation in relation to information security. The Specialist reports directly to the Director of Information Technology.

Position Description

1. Compliance Management: Monitor and ensure compliance with industry regulations, standards, and legal requirements related to information security and data privacy. Stay informed on regulatory changes and update organizational policies and practices accordingly.
2. Policy Development and Implementation: Develop, review, and implement comprehensive IT security policies, procedures, and guidelines to safeguard the organization’s information systems. Ensure all security measures align with relevant laws and best practices.
3. Risk Assessment and Mitigation: Perform regular risk assessments and vulnerability analyses to identify potential security threats and risks to information assets. Implement strategies and security measures to effectively mitigate identified risks. Coordinate security audits, vulnerability assessments, and penetration testing to detect system weaknesses. Collaborate with internal and external stakeholders to address and close security gaps.
4. Security Incident Response: Maintain and update an incident response plan to effectively handle security breaches and emergencies. Investigate security incidents, determine their impact, and implement necessary corrective actions. Keep detailed records of security incidents, investigations, and resolution efforts. Provide senior management with comprehensive reports on security status, incidents, and compliance.
5. Security Awareness and Training: Develop and deliver security awareness programs to educate employees on security policies, best practices, and emerging threats. Foster a security-conscious culture within the organization to ensure staff adherence to security protocols.
6. Access Control and Monitoring: Establish and manage access control mechanisms to ensure only authorized personnel can access sensitive data and systems. Continuously monitor and analyze access logs to detect suspicious activities and potential security breaches.
7. Security Technology Evaluation: Assess and recommend new security technologies and tools to strengthen the organization’s security posture. Work closely with the IT team to implement, configure, and manage security solutions effectively.

Experience

Over 7 years of proven experience in information security, compliance management, and risk assessment within an organizational environment.

Qualifications

• Deep knowledge of relevant laws, regulations, and industry standards related to IT security and compliance (e.g., PIPEDA, HIPAA, ISO 27001)
• Strong analytical, problem-solving, and decision-making skills, complemented by excellent communication and interpersonal abilities
• Ability to collaborate effectively within a team, manage multiple projects simultaneously, and thrive in a dynamic, fast-paced work environment

Education

• Bachelor’s degree in Information Technology, Computer Science, or a related field
• Advanced degrees or certifications in security (e.g., CISSP, CISM, CISA) are highly preferred