InfoSec Compliance Analyst "Job Details"

Burnaby, BC, Canada

Job Identification

15827

Job Category

Information Security

Locations

• Burnaby, BC, Canada

Posting Date

03/26/2024, 05:10 PM

Degree Level

Bachelor's Degree

Job Schedule

Full time

Job Description

We are seeking an InfoSec Certification and Compliance Analyst to join our InfoSec team. In this role, you will help on various certification projects. You will review certification requirements, map the requirements to security controls, perform gap analysis, and work with internal teams to remediate risks and close the security gaps. You will work with team members to ensure the Information Security Management System (ISMS) adherence to industry standards, laws, best practices, and various certification requirements. Additionally, you will help to support company-wide compliance and regularity requirements, maintain and improve the ISMS to uphold the confidentiality, integrity, and availability of sensitive information .

Responsibilities:

• Work with team members to achieve and maintain compliance with ISO 27K, SOC2, NIST, SCRM, GDPR, and other security standards and regulatory frameworks.
• Review various security certification and compliance requirements, perform requirement mapping, and prepare gap analysis report.
• Develop action plans and follow up with internal teams to close the security control gaps.
• Contribute to the continuous improvement of the ISMS in accordance with ISO 27001 and NIST SP800-53 Standards.
• Develop IT policies, procedures and guidelines, and provide improvement recommendations to current ones.
• Conduct risk assessment to information systems and business processes.
• Collaborate with operation teams to ensure that appropriate controls are implemented, operating properly, in accordance with the corporate policies and compliance requirements.
• Conduct audit readiness assessments and coordinate with internal and external functions and audit resources.
• Develop, collect and analyze security metrics to determine compliance and risk levels, as well as trends in systems and processes, and make recommendations on improvements and decisions based on information from the metrics.
• Work closely with Corporate Information Security Team and other business units as required to understand IS-related challenges and develop plans aimed at addressing these challenges.
• Respond to request for information on security compliance from customers and partners.

Qualifications and Experience:

• Bachelor degree in Information Security, Cybersecurity, Information Technology, or a related field
• 3+ years of hands-on experience in information security, audit, compliance, risk management, or a related field.
• Extensive expertise in managing compliance frameworks such as ISO 27001, SOC2, NIST, SCRM, and GDPR.
• Proven track record in designing and implementing information security policies, procedures, and controls.
• Experience with key security technologies including Security Information and Event Management (SIEM) systems, firewalls, network and host intrusion prevention and detection systems, proxies, vulnerability scanners, and endpoint protection solutions.
• Experience or deep knowledge in cloud security, including cloud-specific security frameworks such as the Cloud Security Alliance's (CSA) Cloud Controls Matrix (CCM), FedRAMP and ISO/IEC 27017, 27018.
• Demonstrated ability to comprehend and interpret audit and security requirements effectively.
• One or more of the following certifications preferred: ISO 27001 LA, CISA, CISM, CISSP and CCSP; The ISO 27001 LA and CISA certifications are highly desirable.
• Proficient in Microsoft Office applications (Word, Excel, and PowerPoint), collaboration platforms (SharePoint, Outlook, and Teams), and GRC/Compliance Management tools.
• Soft Skills: Exceptional interpersonal and communication abilities; meticulous attention to detail and accuracy; strong organizational and project management acumen.

Additional Mandatory Requirements:

• This position requires a hybrid work model, with employees expected to work on-site at our Burnaby office for a minimum of three days per week.

Join our team and contribute to the safeguarding of our organization's sensitive information while ensuring compliance with the latest industry standards and regulations. Apply your expertise to enhance our security posture and maintain the integrity of our systems and processes.

The Canada base salary range for this full-time position is expected to be between $94,000 - $127,000 annually. Wage ranges are based on various factors including the labour market, job type, and job level. Exact salary offers will be determined by factors such as the candidate's subject knowledge, skill level, qualifications, and experience.

Fortinet strives to provide you and your family with a comprehensive benefits package. Benefits eligibility starts on your first day of hire and comprises of 100% company paid medical, dental, and vision coverage, including a Health Spending Account and a Personal Spending Account that gives you flexibility to spend where you need it the most. Our Employee & Family Assistance Plan (EFAP) offers you and your family access to various services like counseling, legal advice, mental health resources etc. We also provide critical illness, disability, and life insurance, as well as a Group Registered Retirement Savings Plan (RRSP) with a company match to help you save faster for retirement. We offer competitive Paid Time Off and flexible leave policies, including paid health days, to help you take care of yourself and your family members.

All roles are eligible to participate in the Fortinet equity program. Bonus eligibility is reviewed at time of hire and annually at the Company's discretion.

About Us

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks number one in the most security appliances shipped worldwide and more than 500,000 customers trust Fortinet to protect their businesses.

We are committed to providing reasonable accommodations for all qualified individuals with disabilities. If you require assistance or accommodation due to a disability, please contact us at [email protected].

Fortinet is an equal opportunity employer. We value diversity in our company, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, age, military/veteran status or any other applicable legally protected characteristics in the location in which the candidate is applying.

The Fortinet Team is looking for an Information Security Analyst to join the Information Security team for Burnaby site. It is a highly technical role assisting the Information Security leadership with daily information security operation activities, both on an organizational and technical level.

Fortinet is looking for an IT Security and Compliance Analyst to assist the Corporate Information Security Team

Page InfoSec Compliance Analyst - Candidate Experience site Careers loaded

#J-18808-Ljbffr