Security Compliance Analyst

Working Here
At CARFAX Canada, we’re more than just obsessed with cars. We’re obsessed with data and using it to help millions of Canadians buy, sell and maintain cars - but you can learn that on our website. Let’s talk about the sweet perks you’ll get when working here (i.e. what you actually want to know): Some days you’ll be taking in-house leadership training courses, other days you’ll be eating a catered lunch with your team mates. Grab a seat in the state-of-the-art office at 100 Kellogg Lane and collaborate the day away. What’s that, it’s the summer? Well, the 4-day work weeks have kicked in; enjoy those extra paid days off! Why not use one of your paid volunteer days to give back to your community? What else can we list? Competitive wages, amazing benefits like a wellness spending fund, a company-matched pension program, monthly “work from anywhere” days, yearly performance-based bonuses, health and wellness programs, a literal award-winning culture, parental leave top-ups and all kinds of social events. To top all of this off, every day you get to choose how you get to do meaningful work with incredible people. So, looks like we’re obsessed with a few things here – data and our people!

Job Details
CARFAX Canada is excited to announce the position of Security Compliance Analyst. In this role you will work on-site from our London, ON office and report to the Cyber Security Manager.  

As a Security Compliance Analyst, you will be responsible for planning, executing, and leading security audits, coordinating efforts for internal and external audits, as well as managing compliance and regulatory requests. In this role, you will also work on vulnerability assessments, design remediation for identified deficiencies, and ensure the company’s adherence to applicable laws, regulations, and protection of all systems and data.

The ideal candidate will possess strong knowledge and work experience in NIST, ISO27002, SOC2, & CIS frameworks, and will have the ability to work with local and global IT and business partners to provide guidance and support to the company.

Position Responsibilities

• Support internal and external audit processes for relevant compliance requirements including PCI-DSS, CCPA, SOX, SOC2
• Coordinate the creation of required attestation documents
• Manage internal and external security assessments and risk analysis strategies to ensure company’s compliance with security standards
• Perform assessments on new and existing systems, processes, and technologies
• Support the vendor due diligence process and help define overall third-party risk management efforts
• Perform gap assessments to validate compliance on an ongoing basis
• Work with the security team to establish configuration management and system hardening baselines
• Remain informed on current regulatory concerns and IT and information security trends
• Participate actively in the security community such as ISACA, ISC2, SANS Institute
• Interface with global IT and business partners to provide guidance and support
• Perform in-depth analysis of logs, audits, and security related events
• Advise on the identification, analysis, and resolution of specific security factors, risks, vulnerabilities; protection of personal privacy issues; and appropriate industry and international security standards

Education and Experience Required

• Bachelor’s degree in Computer Systems Technology, Information Security, or Cyber Security or equivalent work experience
• 5+ years of experience with legal and regulatory compliance standards such as PCI-DSS, SOX, SOC2, CCPA, GDPR, HIPAA, etc
• 5 + years in IT (various roles) Security Engineer or network, endpoint, SOC analyst
• 2+ years of experience working with Azure cloud security environments
• Working knowledge of IT security frameworks, particularly NIST, ISO27001, SOC2, CIS
• Strong understanding of fundamental information security concepts and technology
• Creating low level security architectures and procedures, authorization roles and defending against unauthorized access, modifications, and destruction
• Consulting with staff, managers, and executives about the best security practices and providing technical advice
• Strong analytical and critical thinking skills
• ISACA or (ISC)2 certification considered an asset

Equal Opportunity Employer
CARFAX Canada is an equal opportunity employer, and all qualified candidates will receive consideration for employment without regard to race/ethnicity, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, marital status, military veteran status, unemployment status, or any other status protected by law. 

We’re committed to providing accommodations by request for candidates taking part in all aspects of the recruitment and selection process. For a confidential inquiry or to request an accommodation, please contact your recruiter or email hr@carfax.ca.

If you are interested in applying for this position, please visit our website https://www.carfax.ca/careers. Applications will be accepted until a suitable candidate is hired. 

We thank all applicants for their interest; however only those selected for an interview will be contacted. 

About Us
CARFAX’s mission is to help millions of people shop, buy, service and sell used cars with more confidence. As a leader in vehicle history and valuation, CARFAX provides impartial and comprehensive information for consumers and the automotive industry. CARFAX‘s Canadian headquarters in London, Ontario supports Canadian and U.S. markets, drawing on billions of data records from thousands of sources, enabling used vehicle buyers and sellers to make informed decisions. CARFAX is consistently recognized as a top employer and business. CARFAX is a part of S&P Global (NYSE: SPGI). Find out more at www.carfax.ca and connect with CARFAX on Instagram, Facebook and LinkedIn.