Security Analyst

Xello

Toronto

Hybrid

CAD 72,000 - 104,000

Full time

Today

Job summary

Xello is seeking a Security Analyst to foster a culture of security and compliance. The role requires strong skills in Governance, Risk, and Compliance, along with experience in incident response. The ideal candidate will drive security awareness and ensure regulatory compliance while collaborating across the organization to mitigate risks effectively. This position offers a competitive salary with valuable benefits, including flexible work arrangements and employer-paid health benefits.

Benefits

Flexible work arrangements including hybrid and remote
4 weeks of vacation
Employer-paid health and dental benefits
4-month top-up for parental leave
Group RRSP with 3% matching

Qualifications

  • 2-5 years of experience in a similar role focusing on GRC and security operations.
  • Experience with compliance frameworks such as SOC2, ISO27001, GDPR.
  • Certifications such as CISSP, CISA, or CISM are an asset.

Responsibilities

  • Develop and implement GRC policies and procedures aligned with regulatory requirements.
  • Support the response to security incidents, including investigation and remediation.
  • Conduct regular phishing simulations and social engineering tests.

Skills

Governance, Risk, and Compliance
Incident Response
Risk Assessment
Security Awareness
Analytical Skills

Education

Bachelor's degree in Information Security, Computer Science, or related field

Tools

SIEM
IDS/IPS
Vulnerability Management Tools
Compliance Management Software

Job description

Xello is looking for a Security Analyst

Who are you?
You are a dedicated security professional who thrives in environments where Governance, Risk, and Compliance (GRC) intersect with hands-on security operations. You excel at developing and implementing robust policies and procedures aligned with industry standards such as SOC2, ISO27001, and GDPR. Your proactive approach to risk assessment, incident response, and collaboration ensures that your organization remains compliant, resilient, and ahead of emerging threats.

You possess a strong understanding of regulatory requirements and privacy frameworks, and you stay current with industry best practices. You’re not just knowledgeable about compliance and security tools (SIEMs, IDS/IPS, vulnerability management platforms); you’re adept at using them to identify, assess, and mitigate risks. You’re skilled in creating actionable strategies for security awareness, educating your peers, and ensuring that everyone in the organization has the knowledge to uphold strong security practices.

With a proven track record in incident response, you are calm under pressure, methodical in analyzing threats, and decisive in implementing remediation plans. Your ability to work cross-functionally with IT, legal, and business units, coupled with your excellent communication skills, ensures that stakeholders are aligned on security and GRC goals.

Above all, you are committed to fostering a culture of security and compliance, viewing them not as checkboxes but as opportunities to strengthen the organization. Your work contributes to building trust with clients, external auditors, and regulators, ensuring the organization’s long-term success in a rapidly evolving digital landscape.

What you'll do ...
  • Governance, Risk, and Compliance (GRC):
    • Develop, implement, and maintain GRC policies, procedures, and controls aligned with regulatory requirements (SOC2, ISO27001, GDPR, CCPA, etc.).
    • Lead or assist with security and privacy audits, ensuring compliance with industry standards.
    • Perform risk assessments to identify, evaluate, and mitigate risks across the organization.
    • Work closely with various departments to ensure proper implementation of controls and to manage security risks.
    • Maintain and update the GRC management system to track compliance efforts, manage risks, and report progress to senior leadership.
    • Prepare and assist in security and privacy-related questionnaires and vendor risk assessments.
    • Stay up-to-date with regulatory changes and industry best practices to ensure the organization remains compliant.
  • Incident Response and Security Operations:
    • Support the security team in responding to security incidents, including investigation, containment, and remediation of incidents.
    • Monitor and analyze security events from various systems and tools (SIEM, IDS/IPS, firewalls) to detect suspicious activity.
    • Conduct post-incident analysis to determine root cause and implement preventive measures.
    • Develop and improve incident response playbooks and processes to ensure efficient and timely handling of security incidents.
    • Assist with vulnerability assessments and penetration testing efforts, working with internal and external teams to prioritize remediation.
  • Security Awareness and Education:
    • Develop and deliver training programs to educate staff on security and privacy best practices, including data protection and incident handling.
    • Conduct regular phishing simulations and social engineering tests to ensure employee readiness.
  • Documentation and Reporting:
    • Create and maintain accurate documentation for all GRC initiatives, incident response procedures, and remediation efforts.
    • Prepare detailed reports for senior management on the state of security, including compliance gaps, risk profiles, and incidents.
    • Provide clear and concise updates on ongoing risk assessments, audits, and security metrics.
  • Collaboration:
    • Work cross-functionally with IT, legal, and business units to ensure proper alignment on GRC and security measures.
    • Collaborate with external auditors, regulators, and clients to demonstrate compliance and resolve any findings.

What we're looking for ...
  • Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
  • 2-5 years of experience in a similar role, focusing on GRC, privacy, or security operations.
  • Experience with compliance frameworks such as SOC2, ISO27001, NIST, GDPR, and Cyber Essentials.
  • Familiarity with incident response processes, security controls, and risk management.
  • Hands-on experience with security tools and platforms, such as SIEM, vulnerability management tools, and compliance management software.
  • Certifications such as CISSP, CISA, CISM, or equivalent would be an asset.
  • Knowledge of data privacy regulations, including GDPR, CCPA, etc.
  • Strong analytical and problem-solving skills, with the ability to manage multiple tasks simultaneously.
  • Excellent communication skills, both written and verbal.

The compensation for this role ranges from $72,805 to $103,305 CAD. The final offer will be determined based on the candidate's experience and expertise, as assessed during the interview process.

We’re Xello - Join us!

We are Xello (CASCAID in the UK), the leading developer of future readiness programs in North America and the UK and soon the world! Our mission is to help anyone, anywhere in the world to create a successful future through self-knowledge, exploration, and planning.

We believe that by bringing our best selves to our work and collaborating with one another, we can change the world. We are a very diverse group of individuals who work hard, laugh often and share in each other’s lives. We are an inclusive, equal opportunity employer.

Embracing agile practices, an innovative mindset, and keeping our users at the heart of what we do, are just a few of the keys to our success.

In addition to working with leading technologies, we are committed to continuous learning and growth through internal/external training and mentoring, which includes a PD budget for every employee.

For our Canadian based staff, we also offer:

  • Flexible work arrangements including hybrid and remote
  • 4 weeks of vacation
  • Employer-paid health and dental benefits
  • 4-month top-up for parental leave
  • Group RRSP with 3% matching

For our US based staff, we also offer:

  • Remote work environment
  • 4 weeks of vacation
  • 80% employer-paid health benefits
  • 4-month top-up for parental leave
  • 401(k) with 3% matching

For our UK based staff, we also offer:

  • Remote work environment
  • 28 days annual leave (inc. 3 days at Christmas) + bank holidays, with additional annual leave days added to reward long service

Like what you hear? Apply Now!
