D2L is a cloud company that is modernizing education and building the Future of Work. The old models of teaching and learning are in the midst of the largest transformation in history, and D2L is at the heart of that fundamental shift. New models of teaching and learning enable a personalized, student-centric experience – and deliver improved retention, engagement, satisfaction, and results for learners of all ages – in schools, campuses, and companies.D2L is disrupting the way the world learns, by providing the next generation learning environment and solutions to engage and inspire learners. And most importantly, by giving customers a platform that is easy, flexible, and smart. No other company provides a solution as robust and innovative as D2L.D2L has had a singular mission for 25 years and is dedicated to that same mission in the years ahead: to transform the way the world learns – and by doing so, we will help improve human potential globally.A member of our Talent Acquisition team reviews ALL of our applications - yes a real person reviews resumes! They are excited to read more about what amazing things you could add to D2L. Job Summary:Being the Information Security Risk and Compliance Analyst at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's security and compliance programs. You work to improve our security posture along with meaningful adoption and execution of operating controls and, in tandem, delivery on a certification strategy that enables business in new markets and sectors.How Will I Make an Impact'Assist in refining and delivering D2L's Security program and ensuring alignment of these to D2L's compliance program. Promote a culture of security awareness through training and knowledge campaigns across the organization. Improve D2L’s posture and transparency on security, privacy and compliance practices, both internally and externally Perform security risk assessments pertaining to governance, people, data, software, hardware, and cloud infrastructure. Perform alignment of risk mitigation strategies/plans to industry standards - ISO 27001/NIST SP 800-53R4/ PCI DSS etc. Perform third party/vendor/partner security risk assessments. Facilitate and manage external audits and conduct internal audits. Provide security representation and responses for new deals and proposals. Monitor and enforce data privacy policies in partnership with the D2L Legal team. What you’ll bring to the role:In-depth knowledge of information security principles, practices, and technologies, including risk assessment, security controls, encryption, access controls, and incident response.Understanding of relevant data protection and security regulations (e.g., GDPR, HIPAA, PCI DSS) and the ability to ensure the organization's adherence to these requirements.Familiarity with various compliance frameworks, such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls, and the ability to apply them to assess and improve security controls in a DevOps environment. Proficiency in conducting security audits, Cloud Security risk assessments, and compliance evaluations to identify vulnerabilities and ensure compliance with policies and regulations.Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.Competence in identifying, assessing, and prioritizing Cloud/Application/Infrastructure security risks and implementing risk management strategies. The capability to evaluate complex security challenges, think critically, and make informed decisions. Skills A strong understanding of information security principles, best practices, standards (e.g., ISO 27001, NIST Cybersecurity Framework), and relevant regulations (e.g., GDPR, HIPAA).Familiarity with compliance frameworks and risk assessment methodologies to identify, assess, and mitigate security risks within the organization.Ability to conduct security assessments and audits to ensure compliance with internal policies and external regulations.Strong analytical skills to evaluate security incidents, identify patterns, and recommend improvements to security controls and processes.Knowledge of IT systems, networks, and infrastructure to understand potential security vulnerabilities and effectively assess security controls.Understanding of data privacy regulations and best practices to protect sensitive information and ensure compliance with data protection laws.Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.Knowledge of vulnerability assessment tools and practices to identify and address potential security weaknesses.Ability to design and deliver security awareness and training programs for employees to promote a security-conscious culture.Effective written and verbal communication skills to articulate security risks, compliance issues, and remediation plans to b
Apply Now
Apply Now