D2L is a cloud company that is modernizing education and building the Future of Work. The old models of teaching and learning are in the midst of the largest transformation in history, and D2L is at the heart of that fundamental shift.
New models of teaching and learning enable a personalized, student-centric experience – and deliver improved retention, engagement, satisfaction, and results for learners of all ages – in schools, campuses, and companies.
D2L is disrupting the way the world learns, by providing the next generation learning environment and solutions to engage and inspire learners. And most importantly, by giving customers a platform that is easy, flexible, and smart. No other company provides a solution as robust and innovative as D2L.
D2L has had a singular mission for 25 years and is dedicated to that same mission in the years ahead: to transform the way the world learns – and by doing so, we will help improve human potential globally.
A member of our Talent Acquisition team reviews ALL of our applications - yes a real person reviews resumes! They are excited to read more about what amazing things you could add to D2L.
Job Summary:
As the Information Security Risk and Compliance Analyst at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's security and compliance programs. You work to improve our security posture through meaningful adoption and execution of operating controls and, in tandem, to deliver on a certification strategy that enables business in new markets and sectors.
How Will I Make an Impact?
- Assist in refining and delivering D2L's Security program and ensuring its alignment with D2L's compliance program.
- Promote a culture of security awareness through training and knowledge campaigns across the organization.
- Improve D2L’s posture and transparency on security, privacy and compliance practices, both internally and externally.
- Perform security risk assessments pertaining to governance, people, data, software, hardware, and cloud infrastructure.
- Perform alignment of risk mitigation strategies/plans to industry standards (ISO 27001, NIST SP 800-53R4, PCI DSS, etc.).
- Perform third party/vendor/partner security risk assessments.
- Facilitate and manage external audits and conduct internal audits.
- Provide security representation and responses for new deals and proposals.
- Monitor and enforce data privacy policies in partnership with the D2L Legal team.
What you’ll bring to the role:
- In-depth knowledge of information security principles, practices, and technologies, including risk assessment, security controls, encryption, access controls, and incident response.
- Understanding of relevant data protection and security regulations (e.g., GDPR, HIPAA, PCI DSS) and the ability to ensure the organization's adherence to these requirements.
- Familiarity with various compliance frameworks, such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls, and the ability to apply them to assess and improve security controls in a DevOps environment.
- Proficiency in conducting security audits, Cloud Security risk assessments, and compliance evaluations to identify vulnerabilities and ensure compliance with policies and regulations.
- Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.
- Competence in identifying, assessing, and prioritizing Cloud/Application/Infrastructure security risks and implementing risk management strategies.
- The capability to evaluate complex security challenges, think critically, and make informed decisions.
Skills
- A strong understanding of information security principles, best practices, standards (e.g., ISO 27001, NIST Cybersecurity Framework), and relevant regulations (e.g., GDPR, HIPAA).
- Familiarity with compliance frameworks and risk assessment methodologies to identify, assess, and mitigate security risks within the organization.
- Ability to conduct security assessments and audits to ensure compliance with internal policies and external regulations.
- Strong analytical skills to evaluate security incidents, identify patterns, and recommend improvements to security controls and processes.
- Knowledge of IT systems, networks, and infrastructure to understand potential security vulnerabilities and effectively assess security controls.
- Understanding of data privacy regulations and best practices to protect sensitive information and ensure compliance with data protection laws.
- Capability to develop and update security policies, standards, and procedures to align with industry best practices and regulatory requirements.
- Knowledge of vulnerability assessment tools and practices to identify and address potential security weaknesses.
- Ability to design and deliver security awareness and training programs for employees to promote a security-conscious culture.
- Effective written and verbal communication skills to articulate security risks, compliance issues, and remediation plans to both technical and non-technical stakeholders.
- Skills to manage security compliance projects, coordinate with teams, and ensure timely completion of tasks.
- Collaboration and teamwork are crucial for working with various departments and stakeholders to achieve compliance objectives.
Suggested Qualifications
- A bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field is usually preferred.
- Minimum 4 years' experience in the Information Security field required.
- Certifications: Preferred certifications for this role may include:
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), CompTIA Security+, Certified Ethical Hacker (CEH), GIAC Security Essentials (GSEC)
- Knowledge of Security Frameworks and Standards: Familiarity with information security frameworks and standards such as ISO 27001, ISO 27701, NIST 800-53R4, StateRAMP/FedRAMP, CSAE 3416/SSAE18; SOC1/2/3, NIST Cybersecurity Framework, GDPR, or PCI DSS is essential for ensuring compliance with relevant regulations and best practices.
- Experience using enterprise-grade governance risk and compliance (GRC) tools.
- You have experience performing audits, particularly in a public cloud & DevOps environment.
- You enjoy getting to the root of a problem and exploring all possible solutions.
- You have experience building, managing and securing large enterprise, web-scale and serverless environments.
- You have a passion for exploring modern technologies and patterns to maintain our customers' privacy and confidentiality and protect D2L's intellectual property.
Note: this is a fixed-term contract for a duration of 12 months.
The expected base salary range for a new hire in this role is listed below. The annualized base salary offered is determined by each candidate’s relevant knowledge, skills, education, training and experience. It is aligned to ensure both internal and external competitiveness using market data for the geographic location and industry. As part of the total compensation at D2L the role may be eligible for additional benefits including a Wellness Subsidy, Equity Grants, Variable Incentive, and more.
Don’t meet every single requirement? We strongly encourage you to still apply! At D2L, we are committed to creating a diverse and inclusive environment. We encourage your application even if you don't believe you meet every single qualification outlined, because we love to help our people grow and develop!
Why we're awesome:
At D2L, we are dedicated to providing you with the tools to do the best work of your life. While some of our perks and benefits may vary depending on location or employment type, we are proud to provide employees with the following through #LifeAtD2L:
- Impactful work transforming the way the world learns
- Flexible work arrangements
- Learning and Growth opportunities
- Tuition reimbursement of up to $4,000 CAD for continuing education through our Catch the Wave Program
- 2 Paid Days off for Catch the Wave related activities like exams or final assignments
- Employee wellbeing (Access to mental health services, EFAP program, financial planning and more)
- Retirement planning
- 2 Paid Volunteer Days
- Competitive Benefits Package
- Home Internet Reimbursements
- Employee Referral Program
- Wellness Reimbursement
- Employee Recognition
- Social Events
- Dog Friendly Offices at our HQ in Kitchener, Winnipeg, Vancouver and Melbourne.
D2L is committed to a fair and inclusive work environment. We are an equal opportunity employer that hires and attracts talent regardless of age, race, creed, color, religion, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex, status as a protected veteran or any other legally protected grounds and will not discriminate on these bases. We draw on diversity of thought and experience to reflect the rich array of cultures representing our broad customer base and we seek talent with diversity of life experiences and perspectives from around the world. If you have special accessibility requirements that need to be considered during the recruitment process, please let us know by emailing us at [email protected] and a member of our HR team will get back to you. Information received relating to accommodation needs of applicants will be addressed confidentially. D2L maintains a drug-free workplace.