Senior Security Analyst

Lightspeed

📍Remote - Canada

Summary

Join Lightspeed Security as a Senior Security Analyst and contribute to a robust security risk management program. You will maintain and report on the risk register, review security assessments, and provide training to the security team. Collaboration with various stakeholders is crucial to evaluate and recommend risk models aligned with Lightspeed's risk posture. Responsibilities include monitoring risk remediation, reporting on security metrics, and reviewing post-incident learnings. You will also engage with business units, implement mitigation strategies, and create security awareness content. This role requires experience in security risk management and familiarity with security frameworks.

Requirements

  • 3+ years of security risk management experience
  • A strong bias towards accountability and continuous improvement
  • A strong track record of identifying and reporting on key performance indicators
  • Excellent verbal and written communication skills
  • Ability to summarise task and initiative progress and identify challenges
  • Experience with security frameworks (e.g., NIST CSF, PCI, ISO/IEC 27001, GDPR)

Responsibilities

  • Maintain the completeness and integrity of the security risk program’s risk register
  • Review security risk assessments to ensure they adequately summarize and communicate the security risk to stakeholders, with various levels of technical and security knowledge/expertise
  • Monitor action plans and milestones for risk remediation requirements resulting from security risk assessments
  • Provide training to the security team on how to document, formulate and enforce security improvements that balance risk with business operations and do not diminish efficiencies or innovation
  • Work closely with enterprise risk management, security leadership, colleagues and stakeholders to evaluate and recommend risk models that align with Lightspeed’s organizational risk posture and risk appetite
  • Regularly report on security risk metrics to security leadership emphasizing changes in security risk posture and mitigation efforts
  • Review post-incident learnings from security incidents and the results of tabletop exercises and coordinate security risk assessments to document key risk findings
  • Maintain a high degree of knowledge of current and proposed security changes impacting regulatory, privacy and security industry best practices
  • Stay abreast of new laws, regulations and standards, and assess their impact on the business
  • Frequently interact with business units to understand their plans, risk posture and tolerance, and how to support their vision and business obligations with security and risk in mind
  • Coordinate with stakeholders to implement effective risk mitigation strategies
  • Work closely with the security awareness team to align security awareness and education initiatives with risk reduction objectives. Pinpoint strengths and areas for improvement related to security posture and risk management/acceptance
  • Using different mediums, create security awareness content employees can comprehend, regardless of their level of cybersecurity knowledge. Distill content and avoid complexity
  • Construct security awareness content around key areas of corporate risk, such as phishing, data protection, password management, social media and general cybersecurity hygiene
  • Assist the PCI DSS and SOC2 compliance assurance programs through monitoring and testing activities and detailed reporting

Preferred Qualifications

  • Administration and/or familiarity with application security, cloud services, third-party risk management and role-based access
  • Understanding of service design, delivery concepts and control frameworks
  • Relevant certifications such as CISSP, CISM, CRISC, or equivalent
  • An interest in security and growing your career
  • Familiarity with security technologies and best practices, including cybersecurity defences, intrusion detection systems, and encryption technologies

Benefits

  • Amazing benefits & perks, including equity for all Lightspeeders
  • Constant development of both your skill-set and business acumen with limitless growth opportunities
  • Lots of autonomy, flexible work culture
  • Innovation time to explore and learn at work
  • Shaping the company by joining cultural & technical committees
  • Tons of growth opportunities into technical or people management roles
  • Opportunity to join a fast-paced, high-growth company
  • Opportunity to learn, expand your skill set, forge wonderful relationships and make your mark within the diverse and inclusive Lightspeed family, a true Canadian tech success story
  • Lightspeed equity scheme (we are all owners)
  • Flexible paid time off and remote work policies
  • Health insurance
  • Contributions to your pension plan - RRSP
  • Health and wellness benefit of $500 per year
  • Paid leave and assistance for new parents
  • Mental health online platform and counseling & coaching services
  • Training opportunities to grow your skills and career
  • Volunteer day
  • Fully stocked kitchen (hot and cold beverages, meals served)
  • Happy hours to build your relationships with colleagues after work
