Senior IT Compliance Analyst (17-month contract)
DECIEM, known as “The Abnormal Beauty Company”, is the parent of The Ordinary, NIOD, and other beauty brands. Founded in 2013 by the late Brandon Truaxe and Co‑Founder Nicola Kilner, DECIEM is an industry disruptor focused on science‑first innovation, authenticity, and transparency. We are growing rapidly and seek a forward‑thinking professional to join our team.
Responsibilities
- Collaborate cross‑functionally with business and IT stakeholders to assess, drive, track, and implement policies, procedures and controls relevant to DECIEM’s technology compliance and information security.
- Serve as subject matter expert on cyber security and technology regulations, including SOX, GxP, PCI‑DSS, and data privacy.
- Participate in vendor onboarding, performing analysis of new and current vendors through questionnaires to ensure compliance.
- Perform impact assessments and drive long‑term remediation for noted cyber‑security incidents.
- Assist in creating and maintaining information, privacy, and data security policies, standards, and guidelines.
- Interface with internal parties to drive self‑assurance audit readiness and with external parties to facilitate audits.
- Develop internal training programs, including creating and facilitating cyber security best practices, awareness programs, guidelines, and innovative education campaigns.
- Monitor emerging threats and recommend relevant mitigation strategies.
- Perform other duties as assigned.
- Develop interactive dashboards using data sources and tools to provide compliance metrics for senior leadership.
Skills & Qualifications Needed
- 5+ years of experience in cyber security and compliance, with IT audit and compliance activities.
- Cyber security certifications such as CISA, CISSP, or CISM required.
- Working knowledge of regulations such as SOX, PCI‑DSS, GxP, and data privacy.
- Experience with vendor risk assessments, incident response, and risk management preferred.
- Experience building cyber security and technology compliance/GRC programs an asset.
Benefits & Perks
- Generous vacation & personal days, plus additional time off for volunteering, voting, peaceful protesting, celebrations, and more.
- Six months paid time off for new parents (inclusive of all genders).
- Work from anywhere 4 weeks per year.
- A hybrid work model (applicable roles). 3 days in‑office, 2 days remote.
- Summer Fridays – get off at 1 pm all summer long (applicable roles).
- Unlimited access to an Employee Assistance Program that includes mental health care, mindfulness programs, and more.
- Access to Development Grants & a LinkedIn Learning membership to support ongoing growth.
- A generous discount on DECIEM products for you, your family, and your friends.
Company Core Values
- Do the right thing
- Create impact
- Respect small things
- Care too much
- Be the future
Employment Details
- Seniority level: Mid‑Senior level
- Employment type: Contract
- Job function: Information Technology
- Industries: Research Services
DECIEM is an equal opportunity employer. We prohibit discrimination based on age, colour, disability, national origin, race, religion, sex, gender, sexual orientation, and any other legally protected class in accordance with applicable federal, provincial and local laws. We are also committed to creating and maintaining an inclusive and accessible workplace. If you are contacted to be part of our recruitment process and require accommodation, please let us know.