Job Summary:
Join our team as a Senior Information Security Analyst, where you will play a pivotal role in refining and delivering our Information Security Program, focusing on endpoints, applications, and infrastructure. You'll conduct regular security scans, generate comprehensive reports, and engage stakeholders to address identified issues efficiently. Additionally, you will collaborate closely with operational teams, provide expert advice on emerging security risks, and support various security compliance programs, ensuring a robust Information Security Continuous Monitoring Program is in place. As a Senior Information Security Analyst at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's Information Security Program!
How Will I Make an Impact?
- Assist in refining and delivering D2L's Information Security Program with particular focus on endpoints, applications, and the underlying infrastructure.
- Perform regular application/infrastructure security scans, generate reports, and liaise with related stakeholders to work towards closing open issues.
- Liaise with operational teams on existing and emerging information security risks and provide subject matter expertise.
- Monitor/track information security risks and related artifacts throughout their lifecycle.
- Support the Information Security Continuous Monitoring Program(s) aligned with specific security compliance programs.
- Support the product sales cycle by completing security questionnaires from prospective clients.
- Collaborate with internal subject matter experts to collate, review, and submit periodic security questionnaires from D2L’s clients.
- Support internal D2L teams during security assessments/reviews/audits.
- Review independent third-party reports from vendors, suppliers and partners for adequacy and alignment with D2L’s Information Security Program.
- Track identified gaps from third-party assessments and follow up with stakeholders to close outstanding issues.
Competencies (What you’ll bring to the role):
- Ability to think critically
- Ability to engage process owners and explain security controls associated with processes
- Ability to break down complex technical concepts into simple terms for various levels of stakeholders
- Ability to achieve outcomes with minimal supervision.
- Ability to learn fast and synthesize information from different domains and sources.
- Ability to work well with teams within a matrix structure and operational setting
Skills
- Sound knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA).
- Sound knowledge of public cloud infrastructure
- Practical knowledge of implementing security controls in public cloud deployments/workloads
- Practical knowledge of Governance Risk and Compliance (GRC) tools
- Practical knowledge of infrastructure and application security scanning tools
- Deep understanding of vulnerability management and penetration testing
- Sound knowledge of risk management frameworks and standards
- Sound knowledge of Information Security frameworks and standards including ISO 27001, NIST 800-53 etc.
D2L Leadership Competencies
- Leads by Example with personal and professional integrity, high accountability and say/do ratio
- Boundaryless collaboration and influence skills both within team, peer group and broader organization. Effective communicator with a proven track record of success.
- Delivers Awesome Outcomes: Strategic mindset and business acumen, with strong prioritization skills and a focus on organizational outcomes vs. team tasks. Effective problem solver, able to achieve results individually and through others, in fast-paced, deadline-driven environments.
- Talent Magnet: Talent-focused leader, with demonstrated ability to coach, build and lead a high performing, diverse team.
- Better, Smarter, Faster: An agile learner, with a growth mindset, attention to detail and organizational skills. An operationally minded leader, with a focus on continuous improvement and innovation.
- Wins Hearts and Minds: An effective communicator, with the ability to connect the why and the what. A change agent, with proven delegation, motivation, and team building skills.
Suggested Qualifications/Experience:
- You have previous hands-on experience implementing information security controls across a wide range of domains including Endpoint Security, Application Security, and Infrastructure Security.
- You have hands-on experience with public cloud services like Amazon Web Services (AWS), Azure etc.
- You have hands-on experience performing vulnerability assessments and penetration tests.
- You have demonstrable experience working with teams that have implemented security controls based on ISO 27001/NIST 800-53, CSAE 3416/SSAE18, SOC1/2/3.
- You have experience using enterprise-grade governance risk and compliance (GRC) tools.
- You have experience assessing security control implementations on large enterprise, web scale and serverless environments.
- You have experience engaging stakeholders in remediating security-related findings
- You have experience supporting an audit exercise by generating security-related evidence
About the team
- We work daily to enhance our defenses and actively anticipate potential threats to ensure we are protecting the availability, integrity and confidentiality of D2L services and data.
- Our solutions are heavily focused on the native AWS technology stack while also making use of a variety of supporting technologies such as Terraform, CloudFormation, and Jenkins.
- Our current compliance coverage includes ISO 27001, ISO 27701, ISO 27017, ISO 27018; CSAE 3416/SSAE18; SOC1/2/3; TX-RAMP; Cyber Essentials
- Our team is physically located at D2L’s HQ in Kitchener, Ontario, Canada, but we maintain a strong virtual presence to enable us to collaborate from wherever we may be.