Job Summary:

Every day, our software is used by millions of people around the world, and we are looking for individuals who share in our excitement and passion for transforming the way the world learns. At D2L, we believe that learning should be accessible and engaging. Our goal is to create easy, flexible, and smart software that ignites the desire to learn in everyone. To do this, we need to give talented, enthusiastic, and passionate people opportunities to create, develop, and collaborate on projects that revolutionize the learning environment.

As an Information Security Analyst or Specialist at D2L, you are a key influencer and contributor to the refinement and delivery of D2L's Information Security Program

How Will I Make an Impact?

• Assist in refining and delivering D2L's Information Security Program with particular focus on endpoints, applications, and the underlying infrastructure.
• Perform regular application/infrastructure security scans, generate reports, and liaise with related stakeholders to work towards closing open issues.
• Liaise with operational teams on existing and emerging information security risks and provide subject matter expertise.
• Monitor/track information security risks and related artifacts throughout their lifecycle.
• Support the Information Security Continuous Monitoring Program(s) aligned with specific security compliance programs.
• Support the product sales cycle by completing security questionnaires from prospective clients.
• Collaborate with internal subject matter experts to collate, review, and submit periodic security questionnaires from D2L’s client.
• Support internal D2L teams during security assessments/reviews/audits.
• Review independent third-party reports from vendors, suppliers and partners for adequacy and alignment with D2L’s Information Security Program.
• Track identified gaps from third party assessments and follow up with stakeholders to close outstanding issues.

Competencies (What you’ll bring to the role):

• You have previous hands-on experience implementing information security controls across a wide range of domains including Endpoint Security, Application Security, and Infrastructure Security.
• You have hands-on experience with public cloud services like Amazon Web Services (AWS), Azure etc.
• You have hands-on experience performing vulnerability assessments and penetration tests.
• You’re familiar with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA).
• You have demonstrable experience working with teams that have implemented security controls based on ISO 27001/NIST 800-53R4, CSAE 3416/SSAE18; SOC1/2/3.
• You have experience using enterprise-grade governance risk and compliance (GRC) tools.
• You are excited at the prospect of potentially rolling up your sleeves and getting your hands dirty.
• You have experience assessing security control implementations on large enterprise, web scale and serverless environments.
• You have a passion for exploring modern technologies and patterns to maintain our customer's privacy and confidentiality and protect D2L's intellectual property.
• You are a fast learner and want to contribute on day one.

About the team

• We work daily to enhance our defenses and actively anticipate potential threats to ensure we are protecting the availability, integrity and confidentiality of D2L services and data.
• Our solutions are heavily focused on the native AWS technology stack while also making use of a variety of supporting technologies such as Terraform, Cloud Formation, and Jenkins.
• Our current compliance coverage and road map include ISO27001/17/18; CSAE 3416/SSAE18; SOC1/2/3; TX-RAMP.
• Our team is physically located at D2L’s HQ in Kitchener, Ontario Canada but we maintain a strong virtual presence to enable us to collaborate from wherever we may be.