IT Security Specialist

Descartes Unites the People and Technology that Move the World

The need for efficient, secure, and agile supply chains and logistics operations has become ever more critical and complex. By combining innovative technology, powerful trade intelligence and the reach of our network, Descartes helps get goods, information, transportation assets, and people where they’re needed, when they’re needed.

We’re one of the most broadly deployed logistics and supply chain technology companies in the world. More than 26,000 customers around the globe use our cloud-based solutions to transform the way they move inventory and information to enhance productivity, better serve customers, thrive competitively, keep pace with evolving regulations, and respond to rapidly changing market conditions. Descartes is publicly traded (Nasdaq:DSGX, TSX:DSG) with headquarters in Waterloo, Ontario, Canada, and offices and partners around the world. With record financial performance for more than 16 years, we lead the industry in innovation investment. Every day, logistics service providers, manufacturers, retailers, distributors, and other logistics-intensive businesses of all sizes rely on our scale, stability, and comprehensive solution footprint to move what’s most important to them. Learn more at www.descartes.com .

We’re growing fast and invite you to join our amazing team.

Reporting and working very closely the Manager of Information Security, the Information Security Compliance Analyst will be responsible for leading the development, implementation and maintenance of a global level information security management system, supporting policy framework and related Governance Risk and Compliance (GRC) activities. The overall GRC program should support multiple compliance and audit obligations including SOC2, ISO27001, PCI, HIPAA and SOX. This individual should have some familiarity with risk identification, risk treatment and risk registers. Additional responsibilities will include communication of the GRC program to the rest of the organization, and internal audit tasks related to the preparation of such audits for external auditors. These GRC activities will extend across on premise and cloud infrastructures and multiple Web applications and multiple office and datacenter locations across the globe.

This newly created opportunity is ideal for an individual who is seeking professional experience and is enthusiastic about the prospect of working at a growing company with a global focus, and who have a keen interest in learning and developing as a professional.

Responsibilities

• Ability to learn and maintain knowledge of specific compliance frameworks and requirements such a HIPAA and PCI
• Coordination, preparation, and internal audit for ISO27001, SOC1, HIPAA, PCI, SOC2 Programs and alignment of program to NIST Cyber Security framework
• Experience in creating Policy Documentation and Metrics to measure compliance with Policy
• Risk Register Management and Security Exception Management
• Participate in Education and Awareness around the area of Compliance and GRC, Security Awareness, and other education campaigns related to Cyber Security.
• Develop and maintain compliance automation tools including on-line GRC systems, automated compliance checks, and other methods to scale and reduce overhead of compliance.
• Participation in Data Privacy initiatives including Data Privacy Impact Analysis
• Coordination with global IT Pillars to achieve Security and Compliance goals
• Threat Modeling new and existing processes and projects
• Cultivate core relationships between internal stakeholders and external partners and other third-party entities that support security requirements for handling sensitive data.
• Participation in creation and maintence of security collateral and whitepapers and RFP/RFI response support
• Establish and maintain compliance within the Public Cloud and utilization of automation technologies such as Cloud Security Posture Management
• Maintain a Security and Compliance roadmap and integration checkpoints for new acquisitions
  
  

Qualifications And Key Attributes

We are seeking an assertive, adaptable individual with excellent analytical skills, and who will thrive as both a team player and as an individual contributor.

• A college diploma is required
• Knowledge of information security best practices, risks and countermeasures.
• Some experience in a compliance related environment including but not limited to PCI Compliance, ISO27001, SOC2, GDPR
• The ability to weigh business risks and enforce appropriate information security measures.
• Outstanding interpersonal, verbal and written communication skills to interface with management, staff, vendors and customer prospects.
• A high degree of integrity and trust, along with the ability to work independently or as part of a team.
• Strong time management skills.
• Excellent documentation and analytical skills.
• Any information security certifications are an asset, including but not limited to CISM, CISSP, CISA, CRISC
• Understanding of complex technical environments including Traditional Datacenter, Public Cloud and Hybrid.
• Some experience in compliance in complex web applications including SDLC, Threat Modeling, Defense in Depth
• Certification in ISO27001 Auditing is a plus
  
  

Salary Range: $90,000 to $100,000 CAD. Compensation information provided is a good faith estimate for this position only. Factors that may be used to determine your actual salary may include your specific skills as well as the years of experience you have. Similar positions located in different geographic regions will not necessarily receive the same compensation.

Location: This is a remote opportunity, open to applicants authorized to work in Canada, ideally in eastern time zone.

Join Us

As we scale, we’re looking for new doers, collaborators and innovators to join Descartes in uniting the people and technology that move the world as the Global Leader in Logistics and Supply Chain Technology. We’re entrepreneurial, hardworking, geeky-in-a-good way problem solvers. Guided by our values, we nurture a TEAM focused culture that invests in people and creates opportunities for advancement across a broad spectrum of career paths. We prioritize work-life balance and foster an environment with the space to take ownership, to be heard, and to carve a path for your individual accomplishments to help drive our success. At Descartes, everyone has a voice and the best idea wins, regardless of who makes it. We offer competitive compensation, great benefits, remote and flexible work hours, and the opportunity to join a company on an awesome mission with a great existing team and trajectory.

Descartes also has a deep sense of environmental responsibility. Learn more about how we helped our customers save over 552,000 metric tons of CO2 in 2020 by reducing fuel and paper consumption: https://www.descartes.com/who-we-are/social-responsibility-sustainability/environmental-impact . Join a team that’s committed to working with customers to conserve resources and enhance sustainability.

If you feel you have 70% of the qualifications we are looking for, and Descartes sounds like the team and the mission you want to be part of, apply now. We can't promise it will be a fit, but we do promise to consider your experience.

Through COVID-19, we implemented a virtual hiring process and continue to interview and onboard candidates by video using Microsoft TEAMS. We record interviews and use them strictly for quality assurance, training and general record keeping purposes. Should you have any questions about this process, please connect with our hiring team in advance of scheduled interviews. We value the safety of each member of our community because we know we're all in this together.

We are an Equal Employment employer. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected status, or any other characteristic protected by federal, provincial, or local law. For more information about our commitment to equal employment opportunity, please review our Code of Business Conduct and Ethics at Descartes.com . Descartes is committed to working with and providing reasonable accommodations to job applicants with disabilities. Applicants in North America with a disability who require a reasonable accommodation for any part of the application or hiring process can email us at hrna@descartes.com . Provide your name and contact information along with the accommodation needed to assist you with the application process. Your request will be responded to as soon as possible. Reasonable accommodations will be determined on a case-by-case basis.