Job Expired

This posting has expired. Applications are no longer being received, and this job does not show up on the main job list.

IT Security Compliance Analyst

by Carfax U.S

Location: London, ON
Date Posted: May 19, 2023

Job Description



Join Team CARFAX as an IT Security Compliance Analyst

Isn't it time you bragged about where you work? At CARFAX, we do, every day. We pride ourselves on being mission-focused on helping to grow a brand built on accuracy and integrity. We care deeply about our products and our customers. We’re more than just a company: We help millions of consumers make more informed decisions every day. We know that our teammates are our most valuable asset, and we value a balanced life while tackling challenging projects in a fast-paced environment. One last thing: Our four-day week continues in Summer 2023!

We’re looking for an IT Security Compliance Analyst to join our IT Security team at our London, ON office and provide support to meet CARFAX’s legal, audit, compliance, and risk management needs. 

This role has an expectation of 3 days in the office per week, subject to change based on future business needs.

What you’ll be doing:

  • Defining, creating, and managing IT and organizational policies and standards
  • Ensuring that all policies and procedures are implemented and well-documented in addition to performing internal reviews
  • Coordinating the creation of required attestation documents
  • Supporting internal and external audit processes for relevant compliance requirements including PCI-DSS, CCPA, SOX, SOC2
  • Examining and evaluating internal controls based on various security and privacy standards (PCI, SOC2, NIST), ensuring controls are adequate, appropriate and effective
  • Managing internal and external security assessments and risk analysis strategies to help avoid non-compliance
  • Assisting various business units with reviewing security and contract requirements included in partnership and vendor agreements
  • Performing assessments on new and existing systems, processes, and technologies
  • Supporting the vendor due diligence process and helping to lead and define overall third-party risk management efforts
  • Performing periodic gap assessments to validate compliance on an ongoing basis
  • Working with the security team to establish configuration management and system hardening baselines
  • Remaining informed on current regulatory concerns and IT and information security trends
  • Actively participating in the security community such as ISACA, ISC2, SANS Institute
  • Interfacing with global IT and business partners to provide guidance and support

What we’re looking for:

  • 5+ years of experience with legal and regulatory compliance standards such as PCI-DSS, SOX, SOC2, CCPA, GDPR, HIPAA, etc.
  • Working knowledge of IT security frameworks, particularly NIST, ISO27001, SOC2, CIS
  • Strong understanding of fundamental information security concepts and technology
  • Strong analytical and critical thinking skills
  • Bachelor’s degree in an area such as Computer Systems Technology, Information Security, Cyber Security or equivalent work experience
  • ISACA or (ISC)2 Certification a plus

What’s in it for you:

  • Competitive compensation, benefits and generous time-off policies
  • 4-day summer work weeks and a winter holiday break
  • RRSP matching
  • Annual bonus program
  • Casual, dog-friendly, and innovative office spaces

Don’t just take our word for it:

  • 10X Virginia Business Best Places to Work
  • 9X Washingtonian Great Places to Work
  • 9X Washington Post Top Workplace
  • St. Louis Post-Dispatch Best Places to Work

 

About CARFAX

CARFAX, part of S&P Global Mobility, helps millions of people every day confidently shop, buy, service and sell used cars with innovative solutions powered by CARFAX vehicle history information. The expert in vehicle history since 1984, CARFAX provides exclusive services like CARFAX Used Car Listings, CARFAX Car Care, CARFAX History-Based Value and the flagship CARFAX® Vehicle History Report™ to consumers and the automotive industry. CARFAX owns the world’s largest vehicle history database and is nationally recognized as a top workplace by The Washington Post and Glassdoor.com. Shop, Buy, Service, Sell – Show me the CARFAX™. S&P Global Mobility is a division of S&P Global (NYSE: SPGI). S&P Global is the world’s foremost provider of credit ratings, benchmarks, analytics and workflow solutions in the global capital, commodity and automotive markets.

CARFAX is an Affirmative Action/Equal Opportunity Employer. It is the policy of CARFAX to provide equal employment opportunity to all persons regardless of race, color, sex, pregnancy, religion, national origin, age, ancestry, citizenship status, veteran status, military status, disability or handicap, sexual orientation, genetic information or any other status protected by federal, state or local law. In addition, CARFAX will provide reasonable accommodations for qualified individuals with disabilities. We maintain a drug-free workplace. We are a participant in E-Verify.

 

