Xello is looking for a Security Analyst
Who are you?
You are a dedicated security professional who thrives in environments where Governance, Risk, and Compliance (GRC) intersect with hands-on security operations. You excel at developing and implementing robust policies and procedures aligned with industry standards such as SOC2, ISO27001, and GDPR. Your proactive approach to risk assessment, incident response, and collaboration ensures that your organization remains compliant, resilient, and ahead of emerging threats.
You possess a strong understanding of regulatory requirements and privacy frameworks, and you stay current with industry best practices. You’re not just knowledgeable about compliance and security tools (SIEMs, IDS/IPS, vulnerability management platforms); you’re adept at using them to identify, assess, and mitigate risks. You’re skilled in creating actionable strategies for security awareness, educating your peers, and ensuring that everyone in the organization has the knowledge to uphold strong security practices.
With a proven track record in incident response, you are calm under pressure, methodical in analyzing threats, and decisive in implementing remediation plans. Your ability to work cross-functionally with IT, legal, and business units, coupled with your excellent communication skills, ensures that stakeholders are aligned on security and GRC goals.
Above all, you are committed to fostering a culture of security and compliance, viewing them not as checkboxes but as opportunities to strengthen the organization. Your work contributes to building trust with clients, external auditors, and regulators, ensuring the organization’s long-term success in a rapidly evolving digital landscape.
What you'll do ...
- Governance, Risk, and Compliance (GRC)
- Develop, implement, and maintain GRC policies, procedures, and controls aligned with regulatory requirements (SOC2, ISO27001, GDPR, CCPA, etc.).
- Lead or assist with security and privacy audits, ensuring compliance with industry standards.
- Perform risk assessments to identify, evaluate, and mitigate risks across the organization.
- Work closely with various departments to ensure proper implementation of controls and to manage security risks.
- Maintain and update the GRC management system to track compliance efforts, manage risks, and report progress to senior leadership.
- Prepare and assist in security and privacy-related questionnaires and vendor risk assessments.
- Stay up-to-date with regulatory changes and industry best practices to ensure the organization remains compliant.
- Incident Response and Security Operations:
- Support the security team in responding to security incidents, including investigation, containment, and remediation of incidents.
- Monitor and analyze security events from various systems and tools (SIEM, IDS/IPS, firewalls) to detect suspicious activity.
- Conduct post-incident analysis to determine root cause and implement preventive measures.
- Develop and improve incident response playbooks and processes to ensure efficient and timely handling of security incidents.
- Assist with vulnerability assessments and penetration testing efforts, working with internal and external teams to prioritize remediation.
- Security Awareness and Education:
- Develop and deliver training programs to educate staff on security and privacy best practices, including data protection and incident handling.
- Conduct regular phishing simulations and social engineering tests to ensure employee readiness.
- Documentation and Reporting:
- Create and maintain accurate documentation for all GRC initiatives, incident response procedures, and remediation efforts.
- Prepare detailed reports for senior management on the state of security, including compliance gaps, risk profiles, and incidents.
- Provide clear and concise updates on ongoing risk assessments, audits, and security metrics.
- Collaboration:
- Work cross-functionally with IT, legal, and business units to ensure proper alignment on GRC and security measures.
- Collaborate with external auditors, regulators, and clients to demonstrate compliance and resolve any findings.
What we're looking for ...
- Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience).
- 2-5 years of experience in a similar role, focusing on GRC, privacy, or security operations.
- Experience with compliance frameworks such as SOC2, ISO27001, NIST, GDPR & CyberEssentials.
- Familiarity with incident response processes, security controls, and risk management.
- Hands-on experience with security tools and platforms, such as SIEM, vulnerability management tools, and compliance management software.
- Certifications such as CISSP, CISA, CISM, or equivalent would be an asset.
- Knowledge of data privacy regulations, including GDPR, CCPA, etc.
- Strong analytical and problem-solving skills, with the ability to manage multiple tasks simultaneously.
- Excellent communication skills, both written and verbal.
The compensation for this role offers a range from $72,805 - $103,305 CAD. The final offer will be determined based on the candidate's experience and expertise, as assessed during the interview process.
We’re Xello - Join us!
We are Xello (CASCAID in the UK), the leading developer of future readiness programs in North America and the UK and soon the world! Our mission is to help anyone, anywhere in the world to create a successful future through self-knowledge, exploration, and planning.
We believe that by bringing our best selves to our work and collaborating with one another, we can change the world. We are a very diverse group of individuals who work hard, laugh often and share in each other’s lives. We are an inclusive, equal opportunity employer.
Embracing agile practices, an innovative mindset, and keeping our users at the heart of what we do, are just a few of the keys to our success.
In addition to working with leading technologies, we are committed to continuous learning and growth through internal/external training and mentoring, which includes a PD budget for every employee.
For our Canadian based staff, we also offer:
- Flexible work arrangements including hybrid and remote
- 4 weeks of vacation
- Employer-paid health and dental benefits
- 4-month top-up for parental leave
- Group RRSP with 3% matching
For our US based staff, we also offer:
- Remote work environment
- 4 weeks of vacation
- 80% employer-paid health benefits
- 4-month top-up for parental leave
- 401(k) with 3% matching
For our UK based staff, we also offer:
- Remote work environment
- 28 days annual leave (inc. 3 days at Christmas) + bank holidays. With additional annual leave days added to reward long service
Like what you hear? Apply Now!