AddressDentons US LLP is currently recruiting for a Compliance Analyst. Reporting to the Director, Information Security & Technology Services, the Compliance Analyst will coordinate and support governance and security efforts in collaboration with other key stakeholders in the business for Dentons Canada. This position will help identify and operationalize risk management initiatives and standards that need to be applied to the operating environment. Key functional areas of the position include initiatives governing the Firm's client and administrative data / information in accordance with ethical, legal and contractual requirements.
Responsibilities:
- Review client Information Security requirements, questionnaires and assessments and prepare responses.
- Organize and maintain the client interaction library, including requests, final responses and associated artifacts.
- Maintain a control matrix, mapping NIST/ISO controls frameworks and client requirements.
- Help develop, maintain, evaluate and implement policies and procedures in line with both business requirements and national and international legislative changes, (i.e. ISO 27001/22301, HIPAA processes and procedures.).
- Maintain an inventory of improvement opportunities and action items; prepare periodic reports on trends and compliance.
- Maintain governance inventories such as client security notification requirements.
- Review and track ad-hoc client notifications and requests related to Information Security (e.g. vulnerability notifications, ad-hoc control validation requests)
- Collaborate with the Risk Management and IT teams on implementation of security controls required by clients, such as access restrictions.
- Assist with Third-Party Risk Management program; enhance vendor and cloud service provider inventories, collect risk artifacts such as SOC2 reports.
- Assist with general Information Security program improvements (e.g. awareness communication, projects and enhancements to policies and procedures).
- Other duties as assigned based on the ongoing evolution of the Information Security program.
Experience & Qualifications:
- Minimum of 5 years’ experience in an Information Security role.
- Understanding of Information Security controls, governance principles and standards/frameworks such as NIST CSF or ISO 27001
- Strong written and oral communication skills. Experience responding to audits, RFPs and regulatory/supplier/outsourcer/subcontractor assessments is an asset.
- Ability to prioritize and work effectively under pressure
- Ability to work both independently and in a team-oriented, collaborative environment
- Demonstrate good critical thinking, analytical, and problem-solving skills
- Knowledge of cross-border regulations, such as GDPR and EU data Privacy rules are a plus
- Understanding of the compliance, legal and ethical obligations that organizations should have with respect to logical and physical security, personally identifiable information and data protection
- Industry certification such as CISSP, CISA, CISM, CRISC, is an asset.
Dentons offers a competitive salary and benefits package including medical, dental, vision, 401k, profit sharing, short-term/long-term disability, life insurance, tuition reimbursement, paid time off, paid holidays and discretionary bonuses.
Dentons US LLP is an Equal Opportunity Employer of Individuals with Disabilities and Protected Veterans. We are an Affirmative Action Employer. Pursuant to local ordinances, we will consider for employment qualified applicants with arrest and conviction records.
About Dentons
Across over 80 countries, Dentons helps you grow, protect, operate and finance your organization by providing uniquely global and deeply local legal solutions. Polycentric, purpose-driven and committed to inclusion, diversity, equity and sustainability, we focus on what matters most to you. www.dentons.com
