Security Specialist, IT Risk & Compliance
Blake, Cassels & Graydon LLP (Blakes), one of Canada’s largest and most successful law firms, has an opening for a Security Specialist, IT Risk & Compliance to join the Information Technology department in the Toronto office.
This position is responsible for maintaining security of information and data in Firm information systems and infrastructure, ensuring that it remains protected from compromise. This role is also responsible for monitoring compliance with Firm information security policies and standards, monitoring security apparatus, investigating reports of security incidents and conducting security risk assessments.
Primary responsibilities of the position include, but are not limited to:
- Audit and Compliance Management – managing end-to-end client-initiated and ISO 27001/SOC2 audits
- Risk Management – conducting risk assessments, understanding and clearly communicating possible risk to the Firm, and recommending controls for mitigation
- Information Security Policy Management – developing, maintaining, and communicating information security policies that support the information security strategy
- Security Incident Management and Response – developing and maintaining the capability to detect and manage security incidents so that exposure can be minimized, recovery can be achieved in accordance with Firm objectives, and analytical/reporting capability can be maintained
- Performing security risk assessments and maintaining IT Risk Registry
- Performing internal IT audits and responding to external clients’ audit requests
- Managing ISO 27001/27017/SOC2 certification-related activities
- Leading or commissioning suitable information security awareness, training and educational activities for IT teams
- Providing information security consulting, guidance and assistance to internal stakeholders including the IT teams and legal professionals
- Interfacing with internal stakeholders and responding to security-related issues; reporting, investigating and resolving security breaches and implementing responsive measures
- Degree or diploma in computer science, technology or information security
- Minimum of five years of experience in performing and documenting security risks on multiple platforms
- Experience with ISO 27001 and SOC2 is required
- CISSP certification is strongly recommended
- CRISC, CISA and CISM certifications are recommended
- CCSP (Cloud Security) certification would be an asset
- Strong verbal and written communication skills
- Strong attention to detail
- Comfortable communicating and building relationships with senior stakeholders and upper management
- Strong presentation, influencing and analytical thinking skills
- Ability to build consensus to remediate security control gaps
- Ability to prioritize, organize and manage multiple tasks simultaneously
- Ability to work independently with minimal supervision
How to Apply:
To apply for this position, please submit your application along with a cover letter and résumé directly to our application portal.
Blakes wishes to thank all applicants for their interest. However, only those candidates selected for an interview will be contacted.
Who We Are
At Blakes, we are all about our people. We are committed to not only providing exceptional client experiences, but also fostering an open and inclusive workplace culture for legal and administrative professionals. As a winner of the Canada’s Best Diversity Employers award, as well as the Greater Toronto’s Top Employers award, we know that diversity and inclusion are not simply initiatives on the perimeter of our business — they are the core of our success. We understand the importance of cultivating an environment that brings out the best in each person. Our success as a Firm starts with the hiring, development and retention of top talent.
Blakes welcomes applications from all qualified applicants. The Firm is committed to maintaining an inclusive work environment comprised of people with diverse perspectives, backgrounds, identities and cultures.
The Firm provides accommodation for applicants with disabilities and in respect of other protected grounds during the recruitment process in accordance with applicable laws. Please contact us to request accommodation.