Information Security Audit Analyst

Canadian Medical Protective Association
3 days ago
Full-time
Remote friendly (Ottawa, Ontario, Canada)
Canada
$85,500 - $114,400 CAD yearly
eDiscovery Analyst

INFORMATION SECURITY AUDIT ANALYST

Hybrid – Primary Remote, Ottawa, ON

 

CONTRIBUTING TO THE CMPA

The Information Security Office, together with Business Capability Enablement (BCE) and Infrastructure and Operations (I&O), forms the CMPA IT team.

 

The Information Security Office plays a pivotal role in safeguarding CMPA’s digital assets, infrastructure, and sensitive information from an array of potential threats. Its primary objective is to design, implement, and maintain robust security measures to mitigate risks posed by cyberattacks, data breaches, malware, and other malicious activities. The Information Security Office is responsible for ensuring the protection of the confidentiality, integrity, and availability of the CMPA’s information and technology assets and so plays an essential role in protecting and safeguarding the CMPA’s reputation and ensuring that it continues to provide high-quality services to its members. The Information Security Office works closely with other departments across the Association to ensure that security is integrated into all aspects of the CMPA’s operations.

 

The Information Security Office consists of the Information Security Management and Cybersecurity Operations teams.

 

POSITION OVERVIEW

Reporting to the Lead, Information Security Management, the Information Security Audit Analyst is a vital member of the Information Security Management team who works closely with the Lead in safeguarding the organization’s information assets. This role focuses on the identification, assessment, and mitigation of cyber and information security risks, with an emphasis on de-duplication, de-identification, and data classification activities. In addition, this role supports information security audit activities with the final aim of contributing to the maintenance and enhancement of the organization’s security posture. The Analyst works alongside various departments to ensure seamless integration of security measures into business processes and assists in the development and execution of a comprehensive Information Security Program.

 

As a detail-oriented and analytical professional, the Analyst is instrumental in the continuous improvement of the security risk management framework and supports the organization’s commitment to resilience and compliance.

 

POSITION ACTIVITIES

  • Supports the creation and maintenance of the security audit program, supporting internal security audit requirements and practices, with detailed reporting and accompanying technology recommendations and identifying opportunities for improvement
  • Supports the implementation of security audit compliance solutions to run and maintain audit and compliance assessments, interpreting compliance scoring, tracking improvement actions, and providing audit-ready reports
  • Collaborates with the security, infrastructure, BCE, Business Intelligence, AI and advanced analytics, privacy & records management teams to translate security audit requirements, using audit compliance tools, into audit policies, audit queries, and compliance workflows
  • Supports document de-duplication governance and compliance at CMPA
  • Supports data classification practices and technologies at CMPA with the aim to minimize the risk of valuable or sensitive data being lost or mismanaged
  • Responsible for exploring data discovery and deduplication tools for unstructured information
  • Responsible for evaluating data deduplication tools, defining deduplication requirements, and running proofs of concept to select fit-for-purpose solutions
  • Aligns deduplication tool selection with stakeholder needs across relevant cross-functional teams
  • Acts as a point of contact for questions about how de-duplication is performed/managed
  • Maintains detailed documentation for de-duplication plans and reviews them regularly
  • Works with relevant stakeholders on establishing processes, procedures, and tools for managing and disposing of duplicate copies at scale with an aim to minimize the volume of non-valuable and sensitive information and the risks associated with it
  • Partners with relevant teams to align deduplication logic with data standards and regulatory/compliance requirements
  • Provides training and guidance to users and support teams on deduplication procedures and best practices for maintaining high-quality data
  • Develops and maintains an understanding of the technical environment, as well as the functional requirements within the CMPA to better understand security safeguards and technologies
  • Provides clear, constructive verbal and written responses to security-related requests and inquiries
  • Participates in information security projects and activities as required

 

 

EDUCATION AND EXPERIENCE

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field of study
  • Minimum of 3-5 years of IT cybersecurity experience, with at least 2 of those years in an operationally focused security practitioner role
  • Strong working experience of Microsoft 365 services (Exchange, SharePoint, OneDrive, Teams)
  • Knowledge and working experience with Microsoft Purview components (i.e. Compliance Manager, Audit, Data Lifecycle Management/retention, Insider Risk, eDiscovery, Content Search) is highly desired
  • Knowledge and working experience in configuring and interpreting compliance assessments and scores in Purview Compliance Manager is highly desired
  • Strong knowledge of de-identification and de-duplication governance and compliance
  • Strong knowledge of data classification practices and tools to discover, identify and label unstructured data
  • Strong knowledge of common industry frameworks (i.e. ISO 27001, NIST CSF), audit methodologies (i.e. SOC 2, CIS controls)
  • Strong understanding of networks, web technologies, and common enterprise architectures
  • Strong working knowledge and experience in planning, managing, and executing security audits and assessments based on security risk assessments, with a proven ability to meet deadlines in dynamic environments
  • Demonstrated experience working in an agile environment

 

SKILLS AND ABILITIES

  • Demonstrated ability to maintain up-to-date knowledge of industry best practices, standards, and new & emerging technologies
  • Demonstrates a high level of discretion and sensitivity in handling confidential information and the organization’s reputation
  • Strong analytical and problem-solving skills with the ability to interpret analytical results and findings in a meaningful way to the intended audience
  • Attention to detail with an ability to work in an ever-changing and fast-paced environment
  • Ability to document operational processes, work with cross-functional teams, and communicate clearly with both technical and non-technical audiences
  • Solid report-writing skills with the ability to explain risks and controls in non-technical language
  • Strong knowledge of concepts like de-duplication, de-identification, anonymization vs pseudonymization, and knowledge of basic data analysis tools
  • Ability to communicate effectively and deliver presentations clearly to both technical and non-technical team members and to instruct others in the use of new data, technology, and/or processes
  • Self-motivated with the ability to prioritize multiple tasks within a collaborative team environment, and meet tight timelines
  • Ability to work independently and within a team environment
  • Ability to perform work outside of normal business hours on occasion
  • Strong analytical, documentation, and stakeholder-communication skills to support internal and external audits
  • Proven ability to work collaboratively with cross-functional technology teams
  • Project coordination experience including the usage of relevant project coordination tools

 

POSTING DETAILS

  • Job type: This is a regular full-time opportunity.
  • This posting is for a newly created position.
  • Salary range: $85,500-$114,400 – this role is classified as a level 8.
  • Location: Hybrid - Primary Remote. You can work from a home-based office the majority of the time within the provinces of Ontario and Québec, with regular on-site presence at the CMPA office (1-2 days per week). If you prefer, you can choose to work out of the CMPA office in Ottawa, Ontario near the beautiful Dow’s Lake.
  • Skill assessment: selected candidates may be required to complete a skill assessment.
  • Application deadline: March 31, 2026 at 4:00pm EST.

 

The CMPA is an equal opportunity employer and is committed to being responsive to those living with disabilities and strives to prevent and remove barriers to accessibility. The CMPA will provide support and accommodation in its recruitment processes to applicants living with disabilities. If you are invited to participate in an interview and/or skills assessment and have accommodation needs, please let us know.

Equity, diversity, and inclusion (EDI) is a key priority, and we actively strive to build a culture of inclusion where employees can be their authentic selves and are valued for their diverse experiences and perspectives.

 

We welcome and encourage candidates from diverse backgrounds and a variety of lived experiences to apply.