Senior Security Analyst

We're looking for a Senior Security Analyst to report on the security risk management program, providing visibility and helping security leadership understand where security risks reside and where improvements must be made to protect the business. Lightspeed Security is a dynamic and innovative organization committed to maintaining the highest standards of security, governance, and risk management. Our modern risk management program is a cornerstone of our operations!

What you'll be doing: 

• Maintain the completeness and integrity of the security risk program’s risk register
• Review security risk assessments to ensure they adequately summarize and communicate the security risk to stakeholders, with various levels of technical and security knowledge/expertise
• Monitor action plans and milestones for risk remediation requirements resulting from  security risk assessments
• Provide training to the security team on how to document, formulate and enforce security improvements that balance risk with business operations and do not diminish efficiencies or innovation.
• Work closely with enterprise risk management, security leadership, colleagues and stakeholders to evaluate and recommend risk models that align with Lightspeed’s  organizational risk posture and risk appetite.
• Regularly report on security risk metrics to security leadership emphasizing changes in security risk posture and mitigation efforts.
• Review post-incident learnings from security incidents and the results of tabletop exercises and coordinate security risk assessments to document key risk findings
• Maintain a high degree of knowledge with current and proposed security changes impacting regulatory, privacy and security industry best practices.
• Stay abreast of new laws, regulations and standards, and assess their impact to the business.
• Frequently interact with business units to understand their plans, risk posture and tolerance, and how to support their vision and business obligations with security and risk in mind.
• Coordinate with stakeholders to implement effective risk mitigation strategies 
• Work closely with the security awareness team to align security awareness and education initiatives with risk reduction objectives. Pinpoint strengths and areas for improvement related to security posture and risk management/acceptance.
• Using different mediums, create security awareness content employees can comprehend, regardless of their level of cybersecurity knowledge. Distill content and avoid complexity.
• Construct security awareness content around key areas of corporate risk, such as phishing, data protection, password management, social media and general cybersecurity hygiene.
• Assist the PCI DSS and SOC2 compliance assurance programs through monitoring and testing activities and detailed reporting

 What you need to bring: 

• 3+ years’ of security risk management experience.
• A strong bias towards accountability and continuous improvement
• A strong track record of identifying and reporting on  key performance indicators. 
• Excellent verbal and written communication skills
• Ability to summarise task and initiative progress and identify challenges. 
• Experience with security frameworks (e.g., NIST CSF, PCI, ISO/IEC 27001, GDPR)

Even better if you have: 

• Administration and/or familiarity with application security, cloud services, third-party risk management and role-based access.
• Understanding of service design, delivery concepts and control frameworks.
• Relevant certifications such as CISSP, CISM, CRISC, or equivalent.
• An interest in security and growing your career.
• Familiarity with security technologies and best practices, including cybersecurity defences, intrusion detection systems, and encryption technologies.

What’s in it for you: 

• Join a growing team and help us move to the next level
• Amazing benefits & perks, including equity for all Lightspeeders
• Constant development of both your skill-set and business acumen with limitless growth opportunities
• Lots of autonomy, flexible work culture
• Innovation time to explore and learn at work
• Shaping the company by joining cultural & technical committees
• Tons of growth opportunities into technical or people management roles
• Opportunity to join a fast-paced, high-growth company
• Opportunity to learn, expand your skill set, forge wonderful relationships and make your mark within the diverse and inclusive Lightspeed family, a true Canadian tech success story

….  And enjoy a range of benefits that will keep you happy, healthy and (not) hungry.

• Lightspeed equity scheme (we are all owners).
• Flexible paid time off and remote work policies.
• Health insurance.
• Contributions to your pension plan - RRSP.
• Health and wellness benefit of $500 per year.
• Paid leave and assistance for new parents.
• Mental health online platform and counseling & coaching services.
• Training opportunities to grow your skills and career
• Volunteer day.
• Fully stacked kitchen (hot and cold beverages, meals served) 
• Happy hours to build your relationships with colleagues after work