Security and Compliance Specialist

Unbounce

💵 $54k-$71k
📍 Remote - Worldwide

Summary

Join Unbounce, a leading landing page platform, as a Security and Compliance Specialist to contribute to the company's data security and compliance objectives. Develop, maintain, and enhance Unbounce's Governance, Risk, and Compliance (GRC) program. Serve as the primary point of contact for data privacy, information security, and compliance matters. Collaborate with cross-functional teams, including Engineering, Legal, and IT, to ensure a robust security and compliance posture. This role involves partnering with Engineering on technical policy reviews, responding to compliance inquiries, proactively updating controls, and developing a comprehensive cyber education and awareness program. Advance Unbounce's security, compliance, and data privacy initiatives by staying current on regulations and best practices.

Requirements

  • A minimum of 3 years of experience in privacy and compliance roles (e.g., GRC Analyst, GRC Specialist, Privacy Analyst, Compliance Analyst, Privacy & Compliance Specialist)
  • Extensive experience in IT systems, security policies, standards, industry trends, and techniques
  • Ability to articulate risk in terms of business impact and suggest reasonable strategies for mitigation
  • Experience supporting internal and external audits, including driving continuous compliance and remediation efforts
  • Strong understanding and experience in policy development, designing information security controls and managing risk registers, control libraries and compliance metrics
  • Experience working with external audit partners
  • Strong understanding of data protection, privacy, and regulatory frameworks, including GDPR, CCPA, PCI, HIPAA, PCI-DSS, and US data privacy laws
  • Experience in GRC activities, policy creation, development, and associated lifecycle management activities
  • Familiarity with contract processes and language specific to data protection and privacy regulations
  • Excellent interpersonal, communication, organizational, research, and analytical skills with a proven ability to interact with co-workers, clients, and third-party vendors. Ability to adopt a customer-first approach

Responsibilities

  • Partnering with Engineering on technical policy reviews & controls (Change Management - CI/CD, Access Control, encryption)
  • Respond to Slack threads to clarify compliance requirements
  • Spot checking & updating controls proactively with the teams, aimed at the point of focus and our organization's needs
  • Analyst will also take a senior lead in the development and maintenance of an organization-wide cyber education and awareness program, including awareness communications, training course development, and social engineering testing
  • Stays current on applicable laws, regulations, developing regulatory concerns, and changing IT and InfoSec trends, standards, and security best practices
  • Supports internal and external audit processes for related compliance requirements
  • Perform IT Security Reviews and prepare audit evidence
  • Collaborates to develop IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices
  • Act as the point of contact to assist and respond to requests and questions from IT stakeholders, business leaders, third parties/vendors, consultants, and government agencies
  • Monitoring and Reporting: Track remediation efforts, escalate issues as needed, and report control statuses to management
  • Develop materials to provide regular updates to Executives on the overall health of the program including preparing necessary information to facilitate management discussion and decision making
  • Control Documentation: Develop and maintain documentation of ITGCs, control matrices, unified control frameworks, risk assessments, and testing methodology
  • Performs internal risk assessments; validates effectiveness of security controls; recommends appropriate actions to mitigate risks; assesses / evaluates / makes recommendations related to adequacy of security controls
  • Supports vulnerability management efforts (e.g., remediation tracking, status reporting, enhancements)
  • Training and Guidance: Guide business teams on SOX and SOC 2 compliance requirements as well as corporate security policies and best practices

Preferred Qualifications

  • You possess at least one professional certification related to data privacy, compliance, and/or information security, such as IAPP, CIPP, CIPP/E, CCEP, CCEP-I
  • One or more professional security certifications (e.g., CISSP, CISA, CISM, CRISC)

Benefits

  • $76,363 - $99,183 CAD
  • Flexible Time Off Policy - We encourage a minimum of 4 weeks per year!
  • Remote First Team
  • Flexible Hours
  • Work From Anywhere Program
  • Health Insurance
  • Employee Assistance Program (EAP)
  • Quarterly Company Wide Recharge Days
  • End of Year Company Wide Holiday Closure
  • Maternity & Parental Leave Program
  • $2000 Lifestyle Spending Account (LSA)
  • Weekly Virtual Yoga Classes
  • RRSP, 401(K), WWK Pension Personal Contributions
  • Volunteer Day
  • Team Building Budget
  • Referral Program ($1000)
  • Anniversary Milestone LSA Top Up
  • Birthday Day Off
  • Professional Development Budget
