IT Compliance, Senior Analyst

at  Interac Corp

IT COMPLIANCE, SENIOR ANALYST

At Interac, we design and deliver products and solutions that give Canadians control over their money so they can get more out of life. But that’s not all. Whether we’re leading real-time money movement, driving innovative commerce solutions like open payments for transit systems, or making advancements in new areas like verification and open banking, we are playing a key role in shaping the future of the digital economy in Canada.
Want to make a lasting impact amongst a community of creative thinkers, problem solvers, technical virtuosos, and high-performance application developers? We want to hear from you.
Collaborating with the Leader, Business and Information Security Office (BISO) & IT Compliance Management, you will engage with internal and external stakeholders to maintain and enhance the audit, regulatory, and contractual compliance activities of the organization. A key initiative will be maintaining the company’s ISO 27001 Certification.
This role will involve a mix of stakeholder management, risk management/tracking, training, and documentation development.

You’ll be responsible for:

• Preparing and maintaining a risk register to track, identify, and remediate gaps found during project, system, and software lifecycles through internal/external audits, security risk assessments or security reviews. This also includes tracking any associated risk acceptances and/or exceptions.
• Creating reporting to measure the effectiveness of the technical controls that can be used to propose compensating controls accordingly
• Enhancing and maintaining established compliance risk assessment frameworks.
• Proactively contributing to compliance initiatives, providing technical and business advice, as well as insight into management processes.
• Aligning and refining Information Security policies and standards with industry best practices, pertinent regulations and standards bodies (ISO 27001/2, PCI DSS. CIS, NIST Series)
• Building compliance aware business units by communicating and guiding the implementation of established security processes and requirements.
• Reviewing documents and architecture diagrams to determine risks to the organization
• Collaborating with stakeholders at all levels to make informed, risk-based recommendations that enhance the compliance posture of the organization, products, and services.
• Weighing operational needs against security concerns to help guide the business to make practical and informed risk decisions
• Leveraging expertise in Information Security Management (ISM) to facilitate the completion of security assessments and compliance audits involving a mix of internal and external/third-party stakeholders.
• Training internal and external stakeholders on their compliance and/or regulatory requirements to help ensure successful audits and legal reviews.
• Serving as a key interface with external and internal auditors for compliance related activities
• Creating and updating technical documentation to support compliance efforts in line with company policies.
• Working alongside internal teams to ensure that that effective business continuity plans (BCPs) and Disaster Recovery Plans (DRPs) are in place and maintained.
• Keeping abreast of changes to industry best practices and cybersecurity risks to ensure our internal practices are current.

• Preparing and maintaining a risk register to track, identify, and remediate gaps found during project, system, and software lifecycles through internal/external audits, security risk assessments or security reviews. This also includes tracking any associated risk acceptances and/or exceptions.
• Creating reporting to measure the effectiveness of the technical controls that can be used to propose compensating controls accordingly
• Enhancing and maintaining established compliance risk assessment frameworks.
• Proactively contributing to compliance initiatives, providing technical and business advice, as well as insight into management processes.
• Aligning and refining Information Security policies and standards with industry best practices, pertinent regulations and standards bodies (ISO 27001/2, PCI DSS. CIS, NIST Series)
• Building compliance aware business units by communicating and guiding the implementation of established security processes and requirements.
• Reviewing documents and architecture diagrams to determine risks to the organization
• Collaborating with stakeholders at all levels to make informed, risk-based recommendations that enhance the compliance posture of the organization, products, and services.
• Weighing operational needs against security concerns to help guide the business to make practical and informed risk decisions
• Leveraging expertise in Information Security Management (ISM) to facilitate the completion of security assessments and compliance audits involving a mix of internal and external/third-party stakeholders.
• Training internal and external stakeholders on their compliance and/or regulatory requirements to help ensure successful audits and legal reviews.
• Serving as a key interface with external and internal auditors for compliance related activities
• Creating and updating technical documentation to support compliance efforts in line with company policies.
• Working alongside internal teams to ensure that that effective business continuity plans (BCPs) and Disaster Recovery Plans (DRPs) are in place and maintained.
• Keeping abreast of changes to industry best practices and cybersecurity risks to ensure our internal practices are current