Information Security Compliance Analyst

About Gowling WLG

At Gowling WLG, our commitment to excellence begins with our people. As an international law firm with offices in Canada, the U.K., Europe, the Middle East, and Asia, we’re proud to recruit and retain top talent who bring energy, insight, and a singular focus on delivering exceptional experiences – for our clients and each other.

We’re intentional about building a workplace that’s both high‑performing and supportive, ensuring that everyone is empowered to do their best work and reach their full potential. Our culture is grounded in our shared values:
Raise the Bar, Embrace Differences, and Thrive Together. These values shape how we collaborate, lead, and succeed – across teams, time zones, and career paths.

Whether you’re pursuing a role in law or business services, explore what’s possible and make your mark with Gowling WLG.

We are looking for an Information Security Compliance Analyst to join our Firm!

This role will be responsible for assessing and managing client contractual and Outside Counsel Guideline (OCG) requirements for information security, leading the firm’s responses to client security assessments, and organizing third‑party and internal security audits. The Compliance Analyst will work closely with the firm’s Information Security Coordinator to prepare for and manage the firm’s annual ISO 27001 audits.

The Information Security Compliance Analyst will manage the firm’s obligations under the Controlled Goods Program (CGP) as the Designated Official (DO) and oversee compliance with Canada’s Contract Security Program (CSP) while serving as the Company Security Officer (CSO).

This position can be based in any of our Canadian offices! This is a primarily remote role with in‑office attendance as required.

• Review and assess client contractual obligations and Outside Counsel Guidelines (OCGs) related to cybersecurity, confidentiality, and information governance.
• Coordinate and manage the firm’s responses to client security assessments, questionnaires, and audits.
• Track compliance obligations and provide clear reporting to firm leadership and practice groups.
• Collaborate with IS Coordinator and IT to ensure controls align with client and industry standards (OCG, ISO/IEC 27001:2022, NIST, etc.).

• Organize and manage third‑party security audits and internal audits to ensure continuous improvement of the firm’s Information Security Management System (ISMS).
• Work with the Information Security Coordinator to prepare for and assist in annual ISO/IEC 27001 audits, including surveillance and recertification audits.
• Monitor the effectiveness of security controls, policies, and procedures, ensuring compliance with ISO/IEC 27001:2022 requirements.

• Act as the firm’s Designated Official (DO) under the Controlled Goods Program (CGP), responsible for registration, compliance, and monitoring.
• Serve as the firm’s Company Security Officer (CSO) under Canada’s Contract Security Program (CSP).
• Oversee personnel security screening, compliance training, and incident reporting in line with regulatory obligations.
• Act as primary liaison with Public Services and Procurement Canada (PSPC), and other regulatory bodies.

• Develop, implement, and maintain procedures, and training programs that support compliance with client and regulatory security requirements.
• Conduct regular risk assessments and internal reviews to identify compliance gaps and oversee corrective actions.
• Provide ongoing compliance training and awareness for lawyers, staff, and management.
• Maintain comprehensive documentation and evidence of compliance activities.

• Bachelor’s degree in information security, Business Administration, or a related field.
• 5+ years of experience in compliance, cybersecurity governance, or regulatory affairs (law firm or professional services sector strongly preferred).
• Demonstrated knowledge of ISO/IEC 27001:2022 and experience with internal/external audit preparation and management.
• The following certifications are required for…