Risk and Compliance Analyst

Caseware is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages. While you might not have heard of us (yet) over 36,000 accounting and audit professionals list Caseware as a skill on their LinkedIn profiles!
Caseware is looking for Risk and Compliance professionals to continue our compliance journey, as it relates to our products, and services, and to Caseware as a whole. The Risk and Compliance Analyst will be a part of the Risk and Compliance team, within our Information Security group that is responsible for ensuring appropriate oversight, and reporting over Caseware’s compliance with ISO 27001:2022, SOC 2, and Privacy with respect to PIPEDA and GDPR. Additionally, our team helps design appropriate remediation policy and processes while clarifying fellow teams' understanding of compliance requirements. You’ll be part of a committed team that continuously strengthens, and matures, Casewares Risk and Compliance Management practices, helping protect Caseware, an industry leading Financial Technology services organization. As part of the team, you’ll be working with experienced professionals, well versed in enterprise risk management and industry practices.

What you will do:

• Security Questionnaires and Requests for Proposals (RFPs).
• Review and recommend updates to sales and or contract agreements to be inline with Caseware’s security and privacy practices.
• Complete security questionnaires sent yearly by Caseware’s existing customers, or as required by commercial teams in support of RFP’s.
• Provide feedback to the Risk and Compliance Manager in regards to recurring framework, process, and controls, maturity themes noted or requested during these surveys;  improvement considerations, and customer requests necessary to meet or exceed customer requirements in support of commercial success.
• Represent Caseware’s Risk and Compliance team on customer facing calls
• Manage, update, and continuously conduct improvements to the security questionnaire library and FAQ inventory for all Caseware products. This knowledge base needs to be developed to ensure consistent, efficient responses to surveys and RFP’s.
• Work closely with Legal, and Commercial Success teams (Sales, Distributors, etc.) as a Risk and Compliance focused liaison for these groups.
• Supply Chain Risk Assessment.
• Conduct security risk assessments of existing high and critical vendors in our supply chain on a yearly basis (AWS, Salesforces, etc.) to ensure Caseware’s security, availability, and privacy commitments are not impacted through reliance on vendors.
• Evaluate Complementary User Entity Controls (CUECs) that Caseware must have in place as noted by vendors, and revalidate traceability to Caseware’s implemented controls.
• Assess new vendors (not yet onboarded/obtained by Caseware), ensuring their security, availability, and privacy practices are in-line with Caseware’s security posture, policy and expectations.

What you bring:

• Has Intermediate-level and developing experience in auditing IT and operational controls, within a SaaS environment
• Knowledge and understanding of SOC 2, ISO 27001, PCI DSS, PIPEDA, GDPR or a demonstrable ability to learn and apply industry practices within these frameworks
• Hands-on experience with vendor security reviews, particularly of SaaS applications
• Previous experience in a cloud environment, preferably AWS and/or Azure
• Possess basic knowledge of AWS Cloud infrastructureExcellent written and verbal skills (English)
• Accountability: holds self and others accountable to meet commitments
• Collaboration and Teamwork: works with others to deliver results, meaningfully contributing to the team and prioritizing group needs over individual needs
• Open Communication: clearly conveys thoughts, both written and verbally, listens attentively and asks questions for clarification and understanding, then takes action
• Problem Solving: uses an organized and logical approach to find solutions to complex problems. Looks beyond the obvious to understand the root cause of problems, and navigates appropriately

About Caseware
Caseware's cutting-edge software products are meticulously designed for accounting firms, corporations, and governments. Our teams are continually collaborating, innovating, and building upon our existing suite of products. With a customer-focused mindset, we are building technology that is shaping what the future of audits, financial reporting, and financial data analytics will look like.
With a recent strategic investment from Hg Capital in 2020, Caseware is now in its next major growth phase as we double down on the people and products that have made Caseware so successful to date.
One of Caseware's core values is Many Voices, One Team and with that in mind, we're dedicated to building teams as diverse as our customers in an equitable and inclusive way. We welcome and encourage candidates of all backgrounds to apply. Should you require accommodations or have any questions at any point during the application or interview process, please e-mail our People Operations team at careers@caseware.com.
Any candidates successful in obtaining an offer for a position will need to successfully complete a background check through Certn.co which typically includes an Identity Verification and Criminal Record Check. Executives and Senior Managers will undergo a Soft Credit Check as well.
#LI-Remote