Information Security Compliance Analyst
We are all about enhancing life’s celebrations and having fun while we excel in our careers! As North America’s largest publicly traded retailer of adult beverages, we operate 240+ retail locations within Alberta, British Columbia and Alaska. Our liquor store banners include Liquor Depot, Wine and Beyond, ACE liquor, and Brown Jug. In May 2018, we changed our name to Alcanna Inc. The new name reflects the expansion of our business into two divisions: alcohol and cannabis. We proudly operate 8 Nova Cannabis locations throughout Alberta!
About the Role
We are currently seeking an Information Security Compliance Analyst to join our growing team. The Information Security Compliance Analyst will be responsible for helping to maintain and administer information security policies, standards, procedures, and associated controls, and for supporting internal and external audits, assessment of policies and controls, and risk identification and analysis. The Information Security Compliance Analyst will be required to perform after hours work as necessary.
Responsibilities include, but are not limited to:
- Perform activities to help measure and monitor compliance with company policies, standards, and procedures
- Risk Management and Mitigation
- Plan and perform recurring security control assessments across company departments, business units and operational locations
- Facilitate customer and auditor/assessor requests and information gathering for audit activities and provide support for onsite audits.
- Support security compliance initiatives and assessments, including responses to client security organization audits and questionnaires
- Assist with successful completion of vendor risk assessment activities
- Contribute to the enhancement of our compliance and audit tools and processes to meet compliance business needs
- Support daily work for Alcanna's risk program, such as:
  - Intake, triage, and analysis of risks
  - Investigate and resolve compliance and other security-related incidents reported by the business at large
  - Partner with risk owners to create and achieve risk treatment plans
  - Ensure completeness and accuracy of the Risk Register
  - Drive risk acceptances
- Work with any compliance or security vendors to help resolve issues or implement changes to the overall security and compliance environment as required.
Key Skills & Competencies
- 5-7 years of increasing responsibility in IT risk management, information security, or a compliance-related field
- Knowledge of IT security and compliance standards including PCI, ISO 27001/27002, and SOC1/SOC2
- Ability to interpret information security data and processes to identify potential risk
- Excellent time management skills including the ability to prepare, organize priorities independently, and complete work plans
- Excellent verbal and written communication skills, including the ability to prepare documentation, policies, and build consensus across a broad group
- Ability to clearly and effectively communicate risks, information security and compliance matters to executives, auditors, and end users
- CISA, CISSP, COBIT, ITIL or similar certifications would be an asset
Personal Characteristics and Requirements
- Ability to deal with changing priorities and multitask across several projects
- Ability to identify compromised systems and lead remediation efforts
- Excellent presentation and communication skills
- Demonstrable verbal and written communication experience
- Detail-oriented individual who works well in a team environment and has a hunger to learn
- Analytical and problem-solving skills
- Independent worker able to accomplish tasks without direct supervision
- Ability to remain calm and composed in stressful situations
- Maintain current technical skills through formal and informal education
- Be the conduit into the organization supporting compliance / audit efforts
- Be a visible presence in the organization promoting responsible information stewardship, communications, integrity and openness
- Successful completion of a background check is required.
- Valid driver’s license and reliable transportation.