Information Security Compliance Analyst

Full time on site
Job Description

ABOUT GOWLING WLG

At Gowling WLG, our commitment to excellence begins with our people. As an international law firm with offices in Canada, the U.K., Europe, the Middle East, and Asia, we’re proud to recruit and retain top talent who bring energy, insight, and a singular focus on delivering exceptional experiences – for our clients and each other.

We’re intentional about building a workplace that’s both high-performing and supportive, ensuring that everyone is empowered to do their best work and reach their full potential. Our culture is grounded in our shared values: Raise the Bar, Embrace Differences, and Thrive Together. These values shape how we collaborate, lead, and succeed – across teams, time zones, and career paths.

Whether you’re pursuing a role in law or business services, explore what’s possible and make your mark with Gowling WLG.

PROFILE

We are looking for an Information Security Compliance Analyst to join our Firm!

This role will be responsible for assessing and managing client contractual and Outside Counsel Guideline (OCG) requirements for information security, leading the firm’s responses to client security assessments, and organizing third-party and internal security audits. The Compliance Analyst will work closely with the firm’s Information Security Coordinator to prepare for and manage the firm’s annual ISO 27001 audits.

The Information Security Compliance Analyst will manage the firm’s obligations under the Controlled Goods Program (CGP) as the Designated Official (DO) and oversee compliance with Canada’s Contract Security Program (CSP) while serving as the Company Security Officer (CSO).

This position can be based in any of our Canadian offices! This is a primarily remote role with in-office attendance as required.

RESPONSIBILITIES

Client & Contractual Compliance

  • Review and assess client contractual obligations and Outside Counsel Guidelines (OCGs) related to cybersecurity, confidentiality, and information governance.
  • Coordinate and manage the firm’s responses to client security assessments, questionnaires, and audits.
  • Track compliance obligations and provide clear reporting to firm leadership and practice groups.
  • Collaborate with IS Coordinator and IT to ensure controls align with client and industry standards (OCG, ISO/IEC 27001:2022, NIST, etc.).

ISO 27001 Compliance & Audits

  • Organize and manage third-party security audits and internal audits to ensure continuous improvement of the firm’s Information Security Management System (ISMS).
  • Work with the Information Security Coordinator to prepare for and assist in annual ISO/IEC 27001 audits, including surveillance and recertification audits.
  • Monitor the effectiveness of security controls, policies, and procedures, ensuring compliance with ISO/IEC 27001:2022 requirements.

Controlled Goods Program (CGP) & Contract Security Program (CSP)

  • Act as the firm’s Designated Official (DO) under the Controlled Goods Program (CGP), responsible for registration, compliance, and monitoring.
  • Serve as the firm’s Company Security Officer (CSO) under Canada’s Contract Security Program (CSP).
  • Oversee personnel security screening, compliance training, and incident reporting in line with regulatory obligations.
  • Act as primary liaison with Public Services and Procurement Canada (PSPC), and other regulatory bodies.

Governance, Training & Risk Management

  • Develop, implement, and maintain procedures and training programs that support compliance with client and regulatory security requirements.
  • Conduct regular risk assessments and internal reviews to identify compliance gaps and oversee corrective actions.
  • Provide ongoing compliance training and awareness for lawyers, staff, and management.
  • Maintain comprehensive documentation and evidence of compliance activities.

QUALIFICATIONS

  • Bachelor’s degree in Information Security, Business Administration, or a related field.
  • 5+ years of experience in compliance, cybersecurity governance, or regulatory affairs (law firm or professional services sector strongly preferred).
  • Demonstrated knowledge of ISO/IEC 27001:2022 and experience with internal/external audit preparation and management.
  • The following certifications are required for this position. If the successful candidate does not have them, they must be willing to obtain them:
    • ISO/IEC 27001:2022 Lead Auditor or Lead Implementer
    • Completion of the Controlled Goods Program Designated Official Certification Program, or ability to complete upon appointment
    • Completion of Contract Security Program Company Security Officer training, or ability to complete upon appointment.
  • The following certifications would be considered an asset:
    • CISA, ISC2 CGRC, CRISC, CIPP/C, CIPM, Security+, NIST Cybersecurity Framework training, or equivalent GRC/audit/compliance credentials.
  • Familiarity with Canadian security programs: Controlled Goods Program (CGP) and Contract Security Program (CSP).
  • Experience serving as, or supporting, a Designated Official (DO) and/or Company Security Officer (CSO) is an asset.
  • Strong understanding of client-facing compliance processes (e.g., OCGs, security questionnaires, vendor due diligence).
  • Excellent organizational, communication, and problem-solving skills.
  • Proven ability to handle sensitive information with discretion and professionalism.
  • Bilingualism (English/French) is considered an asset.

BENEFITS/PERKS

Gowling WLG’s total rewards program is designed to foster a culture where high performance and personal well-being go hand-in-hand. We support your career and life with:

  • 100% employer-paid health, dental, and mental health coverage, plus an annual lifestyle spending allowance
  • Benefits coverage for Firm members and their dependents from day one!
  • 15+ vacation days and hybrid work flexibility
  • Parental leave top-up for 26 weeks (after 12 months of full-time employment)
  • Group Retirement Savings Plan with employer match
  • Financial protection through short & long-term disability, life, accident & critical illness insurance
  • Employee & Family Assistance Program, guided CBT, and an internal network of 120+ trained Mental Health First Aid responders
  • Recognition awards, appreciation events, and a supportive, collaborative work culture
  • Perks and preferred pricing programs, referral bonuses and more

The starting range for this role is $100,000 to $115,000. Starting salary will be determined based on an applicant’s individual skills, competencies and unique qualifications. Gowling WLG employees have the potential to exceed this range based on tenure and performance.

This position is currently vacant and is open to both internal and external candidates. Gowling WLG is recruiting for this role to support ongoing firm needs and team operations.

This employer may use tools within our applicant tracking system that include artificial intelligence–supported features, such as automated candidate matching. These tools do not make hiring decisions; all screening, assessments, and selections are reviewed and completed by human recruiters and hiring managers.

Gowling WLG is dedicated to building a diverse and inclusive workplace. If you are in need of accommodation or support at any time during the recruitment process, please let us know.
