Your role:

The Information Security Coordinator 2 is responsible for leading compliance initiatives and maturing and implementing enhancements to Global Relay’s Information Security Management System (ISMS). The successful candidate will engage other teams, including Finance (especially the ISO 27001 internal auditor), the DR/BCP team, Operations/DevOps, Development, and Business Development to strengthen our ISMS, including managing our annual ISO 27001 and SOC 2 audits.

Your responsibilities:

• Act as the primary information security resource for the maintenance of Global Relay’s ISMS and related ISO 27001 and SOC 2 programs.
• Support Information Security, Operations/DevOps, and Business Management on risk issues related to information security.
• Participate in actions to maintain and improve risk management and compliance programs.
• Monitor information security compliance trends and keep Information Security team leadership informed about information security related matters.
• Document compliance with policies, customer contracts, and applicable laws related to information security.
• Collaborate with Security, Operations/DevOps, and Business Management to identify and manage information security priorities.
• Assist in the development of security recommendations and manage security project implementations.
• Provide ongoing support of the Global Relay employee security awareness program.
• Participate in business continuity activities, including business impact analyses, business continuity exercises, pandemic planning, and disaster recovery tests.
• Ensure quality control and reporting for the ISMS.
• Manage the company-wide risk register and manage risk issues related to information security.
• Ensure success in annual audits, particularly ISO 27001 and SOC 2, including structured remediation and persistent follow-up of non-conformities in a timely manner.
• Initiate collection and reporting of risk Information relevant for Security leadership team awareness and action.
• Act as key resource in data resiliency planning and business continuity planning, and track technical team status and effectiveness of annual DRP testing.

About you:

• Experience with audits and managing audit controls, collecting audit evidence from technical resources, and interacting with auditors, such as weekly status meetings.
• 3 years of experience in key information security technical areas, including audit compliance, business continuity planning, and related ISO 27001 controls.
• Completion of post-secondary education; a concentration in Information Security is an asset.
• Previous work experience in the technology industry or in area operational security.
• Good understanding of security in a SaaS computing environment.
• Application development or application security background with knowledge of system development lifecycle processes from design, testing, and deployment to post-production and the various risk elements associated with each step.
• Experience with Unix/Linux operating systems, Windows, Active Directory, TCP/IP networking, firewalls, and data center infrastructure.
• Knowledge of security processes, including risk assessment, policy development, compliance program management, audits, security incident response, security awareness training, and business continuity exercises.
• Knowledge of security tools, including intrusion detection and prevention (IDP) tools, vulnerability scanning tools, enterprise-class SIEM software, penetration testing tools, and malware detection and mitigation tools.
• Ability to research and maintain proficiency in software, tools, techniques, countermeasures, and trends in information security, network vulnerabilities, and encryption.
• Ability to communicate diplomatically and effectively at all levels of the organization.
• Solid problem-solving skills.
• Excellent verbal and written communication skills.
• Superior time management and prioritizing ability.
• Strong relationship building skills.

Working Conditions

• Availability after hours for escalations.