Information Security Compliance Analyst

Gowling WLG, Toronto, ON
CA$100,000 - CA$115,000, Hybrid

About The Position

We are looking for an Information Security Compliance Analyst to join our Firm! This role will be responsible for assessing and managing client contractual and Outside Counsel Guideline (OCG) requirements for information security, leading the firm’s responses to client security assessments, and organizing third-party and internal security audits. The Compliance Analyst will work closely with the firm’s Information Security Coordinator to prepare for and manage the firm’s annual ISO 27001 audits. The Information Security Compliance Analyst will manage the firm’s obligations under the Controlled Goods Program (CGP) as the Designated Official (DO) and oversee compliance with Canada’s Contract Security Program (CSP) while serving as the Company Security Officer (CSO). This position can be based in any of our Canadian offices! This is a primarily remote role with in-office attendance as required.

Requirements

  • Bachelor’s degree in Information Security, Business Administration, or a related field.
  • 5+ years of experience in compliance, cybersecurity governance, or regulatory affairs (law firm or professional services sector strongly preferred).
  • Demonstrated knowledge of ISO/IEC 27001:2022 and experience with internal/external audit preparation and management.
  • The following certifications are required for this position. If the successful candidate does not have them, they must be willing to obtain them: ISO/IEC 27001:2022 Lead Auditor or Lead Implementer; completion of the Controlled Goods Program Designated Official Certification Program, or ability to complete upon appointment; completion of Contract Security Program Company Security Officer training, or ability to complete upon appointment.
  • Familiarity with Canadian security programs: Controlled Goods Program (CGP) and Contract Security Program (CSP).
  • Strong understanding of client-facing compliance processes (e.g., OCGs, security questionnaires, vendor due diligence).
  • Excellent organizational, communication, and problem-solving skills.
  • Proven ability to handle sensitive information with discretion and professionalism.

Nice To Haves

  • The following certifications would be considered an asset: CISA, ISC2 CGRC, CRISC, CIPP/C, CIPM, Security+, NIST Cybersecurity Framework training, or equivalent GRC/audit/compliance credentials.
  • Experience serving as, or supporting, a Designated Official (DO) and/or Company Security Officer (CSO) is an asset.
  • Bilingualism (English/French) is considered an asset.

Responsibilities

  • Review and assess client contractual obligations and Outside Counsel Guidelines (OCGs) related to cybersecurity, confidentiality, and information governance.
  • Coordinate and manage the firm’s responses to client security assessments, questionnaires, and audits.
  • Track compliance obligations and provide clear reporting to firm leadership and practice groups.
  • Collaborate with the IS Coordinator and IT to ensure controls align with client and industry standards (OCG, ISO/IEC 27001:2022, NIST, etc.).
  • Organize and manage third-party security audits and internal audits to ensure continuous improvement of the firm’s Information Security Management System (ISMS).
  • Work with the Information Security Coordinator to prepare for and assist in annual ISO/IEC 27001 audits, including surveillance and recertification audits.
  • Monitor the effectiveness of security controls, policies, and procedures, ensuring compliance with ISO/IEC 27001:2022 requirements.
  • Act as the firm’s Designated Official (DO) under the Controlled Goods Program (CGP), responsible for registration, compliance, and monitoring.
  • Serve as the firm’s Company Security Officer (CSO) under Canada’s Contract Security Program (CSP).
  • Oversee personnel security screening, compliance training, and incident reporting in line with regulatory obligations.
  • Act as primary liaison with Public Services and Procurement Canada (PSPC), and other regulatory bodies.
  • Develop, implement, and maintain procedures and training programs that support compliance with client and regulatory security requirements.
  • Conduct regular risk assessments and internal reviews to identify compliance gaps and oversee corrective actions.
  • Provide ongoing compliance training and awareness for lawyers, staff, and management.
  • Maintain comprehensive documentation and evidence of compliance activities.

Benefits

  • 100% employer-paid health, dental, and mental health coverage, plus an annual lifestyle spending allowance
  • Benefits coverage for Firm members and their dependents from day one!
  • 15+ vacation days and hybrid work flexibility
  • Parental leave top-up for 26 weeks (after 12 months of full-time employment)
  • Group Retirement Savings Plan with employer match
  • Financial protection through short & long-term disability, life, accident & critical illness insurance
  • Employee & Family Assistance Program, guided CBT, and an internal network of 120+ trained Mental Health First Aid responders
  • Recognition awards, appreciation events, and a supportive, collaborative work culture
  • Perks and preferred pricing programs, referral bonuses and more