Information Security Compliance Analyst
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Gowling WLG seeks an Information Security Compliance Analyst to manage client contractual security requirements, lead ISO 27001 audits, and oversee compliance with Canadian security programs (CGP, CSP).
Key Skills for This Role
Responsibilities
- Review and assess client contractual obligations and Outside Counsel Guidelines (OCGs) related to cybersecurity, confidentiality, and information governance.
- Coordinate and manage the firm’s responses to client security assessments, questionnaires, and audits.
- Track compliance obligations and provide clear reporting to firm leadership and practice groups.
- Collaborate with IS Coordinator and IT to ensure controls align with client and industry standards (OCG, ISO/IEC 27001:2022, NIST, etc.).
- Organize and manage third party security audits and internal audits to ensure continuous improvement of the firm’s Information Security Management System (ISMS).
- Work with the Information Security Coordinator to prepare for and assist in annual ISO/IEC 27001 audits, including surveillance and recertification audits.
- Monitor the effectiveness of security controls, policies, and procedures, ensuring compliance with ISO/IEC 27001:2022 requirements.
- Act as the firm’s Designated Official (DO) under the Controlled Goods Program (CGP), responsible for registration, compliance, and monitoring.
- Serve as the firm’s Company Security Officer (CSO) under Canada’s Contract Security Program (CSP).
- Oversee personnel security screening, compliance training, and incident reporting in line with regulatory obligations.
- Act as primary liaison with Public Services and Procurement Canada (PSPC), and other regulatory bodies.
- Develop, implement, and maintain procedures, and training programs that support compliance with client and regulatory security requirements.
Requirements
- Bachelor’s degree in information security, Business Administration, or a related field
- 5+ years of experience in compliance, cybersecurity governance, or regulatory affairs (law firm or professional services sector strongly preferred)
- Demonstrated knowledge of ISO/IEC 27001:2022 and experience with internal/external audit preparation and management
- Willingness to obtain ISO/IEC 27001:2022 Lead Auditor or Lead Implementer certification, CGP Designated Official Certification, and CSP Company Security Officer training
- Strong understanding of client facing compliance processes (e.g., OCGs, security questionnaires, vendor due diligence)
- Excellent organizational, communication, and problem solving skills
- Proven ability to handle sensitive information with discretion and professionalism
Full Job Posting
About Gowling WLG
- At Gowling WLG, our commitment to excellence begins with our people. As an international law firm with offices in Canada, the U.K., Europe, the Middle East, and Asia.
Profile
- We are looking for an Information Security Compliance Analyst to join our Firm!
- This role will be responsible for assessing and managing client contractual and Outside Counsel Guideline (OCG) requirements for information security, leading the firm’s responses to client security assessments, and organizing third party and internal security audits.
- The Information Security Compliance Analyst will manage the firm’s obligations under the Controlled Goods Program (CGP) as the Designated Official (DO) and oversee compliance with Canada’s Contract Security Program (CSP) while serving as the Company Security Officer (CSO).
- This position can be based in any of our Canadian offices! This is a primarily remote role with in office attendance as required.
Client & Contractual Compliance
- Review and assess client contractual obligations and Outside Counsel Guidelines (OCGs) related to cybersecurity, confidentiality, and information governance.
- Coordinate and manage the firm’s responses to client security assessments, questionnaires, and audits.
- Track compliance obligations and provide clear reporting to firm leadership and practice groups.
- Collaborate with IS Coordinator and IT to ensure controls align with client and industry standards (OCG, ISO/IEC 27001:2022, NIST, etc.).
ISO 27001 Compliance & Audits
- Organize and manage third party security audits and internal audits to ensure continuous improvement of the firm’s Information Security Management System (ISMS).
- Work with the Information Security Coordinator to prepare for and assist in annual ISO/IEC 27001 audits, including surveillance and recertification audits.
- Monitor the effectiveness of security controls, policies, and procedures, ensuring compliance with ISO/IEC 27001:2022 requirements.
Controlled Goods Program (CGP) & Contract Security Program (CSP)
- Act as the firm’s Designated Official (DO) under the Controlled Goods Program (CGP), responsible for registration, compliance, and monitoring.
- Serve as the firm’s Company Security Officer (CSO) under Canada’s Contract Security Program (CSP).
- Oversee personnel security screening, compliance training, and incident reporting in line with regulatory obligations.
- Act as primary liaison with Public Services and Procurement Canada (PSPC), and other regulatory bodies.
Governance, Training & Risk Management
- Develop, implement, and maintain procedures, and training programs that support compliance with client and regulatory security requirements.
- Conduct regular risk assessments and internal reviews to identify compliance gaps and oversee corrective actions.
- Provide ongoing compliance training and awareness for lawyers, staff, and management.
- Maintain comprehensive documentation and evidence of compliance activities.
Qualifications
- Bachelor’s degree in information security, Business Administration, or a related field.
- 5+ years of experience in compliance, cybersecurity governance, or regulatory affairs (law firm or professional services sector strongly preferred).
- Demonstrated knowledge of ISO/IEC 27001:2022 and experience with internal/external audit preparation and management.
- The following certifications are required for this position. If the successful candidate does not have them, they must be willing to obtain: ISO/IEC 27001:2022 Lead Auditor or Lead Implementer; Completion of the Controlled Goods Program Designated Official Certification Program; Completion of Contra
- The following certifications would be considered an asset: CISA, ISC2 CGRC, CRISC, CIPP/C, CIPM, Security+, NIST Cybersecurity Framework training, or equivalent GRC/audit/compliance credentials.
- Familiarity with Canadian security programs: Controlled Goods Program (CGP) and Contract Security Program (CSP).
- Experience serving as, or supporting, a Designated Official (DO) and/or Company Security Officer (CSO) is an asset.
- Strong understanding of client facing compliance processes (e.g., OCGs, security questionnaires, vendor due diligence).
- Excellent organizational, communication, and problem solving skills.
- Proven ability to handle sensitive information with discretion and professionalism.
- Bilingualism (English/French) is considered an asset.
Benefits/Perks
- 100% employer paid health, dental, and mental health coverage, plus an annual lifestyle spending allowance
- Benefits coverage for Firm members and their dependents from day one!
- 15+ vacation days and hybrid work flexibility
- Parental leave top up for 26 weeks (after 12 months of full time employment)
- Group Retirement Savings Plan with employer match
- Financial protection through short & long term disability, life, accident & critical illness insurance
- Employee & Family Assistance Program, guided CBT, and an internal network of 120+ trained Mental Health First Aid responders
- Recognition awards, appreciation events, and a supportive, collaborative work culture
- Perks and preferred pricing programs, referral bonuses and more
Salary Range
- The starting range for this role is CAD 100,000 to CAD 115,000.
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at Gowling WLG
Director, Legal Talent
Toronto, CAN
Gowling WLG seeks a Director, Legal Talent to lead recruitment, development, and retention of associates within the Disputes Department. The role implements strategic talent initiatives and collaborates with shared servi
Information Security Compliance Analyst
Calgary, CAN
Gowling WLG is seeking an Information Security Compliance Analyst to manage client contractual security requirements, lead responses to security assessments, and oversee ISO 27001 audits. The role also involves managing
CRM Coordinator
Ottawa, CAN
Gowling WLG is looking for a CRM Coordinator to support day-to-day CRM administration, data quality, and user support. The role involves maintaining data accuracy, preparing reports, and assisting with testing and traini