Security Compliance Analyst

Department: Managed Security

Employment Type: Full Time

Location: Canada - Remote

• Understand and follow “The VC3 Way”. This is our set of standards and processes that produce a predictable result for the client. You must be aware of and maintain our standards
• Conduct internal VC3 security audits and assessments to identify vulnerabilities, weaknesses, and non-compliance issues. Report identified audit exceptions to the security team leadership
• Collaborate with teams to develop and update security compliance policies, procedures, and guidelines in accordance with industry best practices. Provide recommendations to security leadership for policy improvements that will reduce risk and align VC3 to industry standards
• Develop a process and collaborate with the administration team for maintaining CJIS certification status of VC3. Maintain and gather information current and future state regulations for CJIS certification. Interact with state agencies as necessary
• Conduct client risk assessments to identify potential security risks and develop mitigation plans. Identify and create remediation plans to reduce identified risks and audit exceptions. Collaborate with security, service delivery and strategic advisors to present assessments to clients and develop a schedule of remediation
• Monitor and interpret relevant client regulations, standards, and frameworks (e.g., GDPR, HIPAA, ISO 27001, CMMC, FISMA, CJIS) to ensure our organization's client compliance. Communicate changes to security team leadership, service delivery and client strategy teams
• Maintain accurate records and documentation related to security compliance activities, including audit reports, policies, and incident reports
• Generate and deliver client compliance and security reports to security team leadership and relevant stakeholders, ensuring timely reporting to clients
• Continuously evaluate and improve compliance process improvement, driving down the required time to complete client audits
• Look for and recommend automation opportunities with current and/or new systems to drive efficiency
• Provide recommendations and assistance in tool (Cynomi) development and implementation

• Collaborate with AST teams and Strategic Advisors to help clients achieve improved regulatory compliance and to provide information regarding current compliance state
• Maintain accurate and real time timesheets, record complete and accurate notes of communication with clients
• Receive mentoring and feedback from peers and others
• Where appropriate, escalate complicated issues to a senior resource or other appropriate teams
• Review Tickets with Manager
• Actively Participate in Team Huddles, L10 Meetings, One on One Meetings, and any other Team Meetings
• Create and update documentation when changes or occur, or when discoveries are made
• Attend monthly training & team meetings as required
• Additional duties as required

• Good problem solving and decision-making skills; ability to understand and analyze complex issues
• Self-motivated, detail orientated, highly organized and able to handle a variety of tasks and responsibilities in an efficient manner with a high level of quality
• Possess strong oral and written communication skills and be comfortable interfacing with client executive teams
• Process driven with high attention to detail and excellent follow through skills
• Professional demeanor and outstanding client service skills
• Strong work ethic with a desire to learn, grow, and develop new skills
• Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent work experience)
• Certification in relevant security and compliance standards (e.g., CISSP, CISM, CISA) is a plus
• Knowledge of security standards, frameworks, and regulations (e.g., ISO 27001, NIST, GDPR, FISMA, CMMC)
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Ability to work collaboratively in a cross-functional team environment
• Attention to detail and a commitment to upholding the highest standards of security and compliance

• Applicant selected will be subject to a criminal and department of motor vehicles background checks and must meet Criminal Justice Information Systems (CJIS) requirements post-employment
• VC3 offers a comprehensive benefit package and 401K/RRSP company matching