Information Security Analyst
Canada
MaxMind
Customize content and comply with regulations using in-depth IP address data. Prevent fraud and chargebacks, manage cyber risk, and flag proxy users.This is a full time remote position, and we welcome candidates to apply from anywhere in Canada.For Canadian candidates, you must be eligible/authorized to work in Canada.
The Position
MaxMind employs a federated security operating model in order to move quickly and integrate security expertise across the business, engineering, and development teams. Working with the Information Security Manager, you as an individual contributor will work on maintaining and enhancing MaxMind’s security and data privacy program. You will have the ability to understand concepts from a multitude of sources including regulatory frameworks, privacy regulations, and contractual obligations and apply them to MaxMind in a variety of areas including policies, procedures, awareness/training, and collaborative discussions. You will have a thirst for self-learning by keeping up with the current security and privacy landscape, attending conferences and trainings, asking questions, and generally being inquisitive about how to keep improving.
MaxMind operates globally and as such adheres to domestic, international, and industry security, and privacy regulations and frameworks. This is a great opportunity for someone with an engineering, IT operations, or analyst background to have direct hands on responsibility and ownership of critical components of a maturing security and privacy program.
You will be exposed to a wide variety of security and privacy technologies, requirements, and concepts. You will interact with members of engineering and non-engineering teams as a steward of the security and privacy program so that you can provide guidance and participate in discussions in a meaningful way.
Our salary range for the Information Security Analyst role begins at $85k CAD with the specific offer dependent upon skills and experience. See more about benefits and compensation below.
On a day to day basis, you will
- Respond to data privacy requests.
- Assist in the coordination and completion of information security operations documentation, including security and privacy related policies and procedures.
- Perform reviews on policies, procedures, inventory, and configurations.
- Assist with supporting the supplier security program, business continuity plan, security and awareness training, incident response program, risk assessments, vulnerability management and data privacy program.
- Track and report on information security vulnerabilities and risks.
- Work on security assurance by identifying and directing areas to enhance monitoring in order to verify that policy and procedures are adhered to and that controls are operational.
- Identify policy and risk management objectives, independent of pre-existing frameworks and implementations. Refactor security policies and standards to focus on the right controls.
- Research, evaluate, and recommend information security and privacy related controls on systems, applications, and platforms.
- Assist with responding to security questionnaires.
- Assist with the configuration management and reporting of AV, vulnerability scanning, password management, and Google WorkSpace.
About You - Minimum Qualifications
- One year of professional experience in Information Security or in a similar business unit like Compliance, Audit, or IT Operations.
- Strong writing skills in order to create and maintain documentation such as policies, procedures, awareness training, guidance, and customer support documentation.
- Self motivated and able to prioritize work accordingly.
- Strong understanding of key concepts including confidentiality, integrity, availability, and access control.
- Familiarity with data privacy regulations and the ability to develop an expertise with them.
- Must be able to work in a remote and highly collaborative environment.
- Must be able to understand high level plans and to create prioritized tasks, procedures, deadlines with minimal direction in order to support the implementation of them.
Highly desired, but not required
- Experience with cloud platforms. Google WorkSpace is a plus.
- Experience with ISO 27001:2013, SOC, OWASP, NIST.
- Capability with spreadsheets including formulas, pivot tables, and filters.
- Education related to Information Assurance or equivalent industry certifications.
Our culture is very important to us. We’re friendly, collaborative, and work-focused. We don’t like office politics and unnecessary stress. We like to have productive workdays and don’t like work to chase us when we’re done for the day. We maintain a set of core, overlapping hours, but are flexible with specific start and end times and are understanding about appointments and life events. We care about helping each other succeed.
In a recent survey, employees listed having a supportive work culture, good co-workers, autonomy, and feeling trusted, valued, and respected as some of the things they liked most about working here.MaxMind has a social mission. MaxMind donates over 60% of profits to charities.
MaxMind’s compensation strives to reward getting stuff done, quality of work, and working well with others.
We are a fully remote company, so communication centers around video chat, and direct and group messaging tools.
Benefits
In addition to competitive compensation, our Canadian benefits include medical, dental, vision, life, accidental death and dismemberment, critical Illness, short and long term disability insurance, Employee and Family Assistance Program, and paid parental leave. You also have access to a group Retirement Savings Plan. In lieu of a Canadian RRSP contribution we provide a bonus payout at the end of each year that employees may decide to use toward retirement savings.
Everyone participates in a company performance-based bonus plan. MaxMind offers a $2,000 USD professional development budget and five days for professional development annually.
Diversity and Inclusion
We're committed to diversity and inclusion and are mindful of incorporating them into all aspects of our company.
We encourage and sincerely welcome applications from candidates of color, women, queer candidates, candidates with family caregiving responsibilities, transgender candidates, and from other communities not well represented in the tech world.
See our complete diversity and inclusion statement - https://www.maxmind.com/en/company/working-at-maxmind.
Our Interview Process
One of the first steps in our interviewing process is a homework assignment, and we will ask you for a submission so we can gain insight into your work. The following step of our interview process would be a first round interview with our hiring manager and our Product Security Engineer. This interview will cover questions specific to the role. Next, there would be a final interview with our COO and our HR Manager. That interview would be a more general / behavioral interview. The final step of our hiring process is reference checking.
Your Application (Cover Letter and Resume)
Your application should include a cover letter that describes your interest in the advertised role and why you would be a good fit. We want to know about you, please share any projects or accomplishments and include a link so we can learn more.
Tags: Cloud Compliance Incident response ISO 27001 Monitoring NIST OWASP Privacy Product security Risk assessment Risk management SOC Vulnerabilities Vulnerability management
Perks/benefits: Career development Competitive pay Conferences Flex hours Health care Insurance Medical leave Parental leave Salary bonus Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Manager Pentest H/F jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open IT Security Engineer jobs
- Open Senior Cyber Security Specialist jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open CEH-related jobs
- Open APIs-related jobs
- Open CI/CD-related jobs