Risk and Compliance Analyst

Let’s help you launch your career with the Tugboat Logic! We are looking for a new crew member to join our InfoSec team in Canada as the Risk and Compliance Analyst.

Small but mighty … tiny tugboats can maneuver huge ships … that’s what the crew at Tugboat Logic does time and again by leading our clients through to calm waters. Tugboat Logic sets the industry standard for InfoSec. Our mission is to make security a business advantage for every organization. As the “TurboTax” of information security, our prime directive is to help our clients take the misery and mystery out of security compliance. We demystify the dark art of building and managing InfoSec programs using automation, AI, and powerful workflows. Most importantly, we save our clients time and money and help them become secure and compliant quickly and painlessly! The role of Risk and Compliance Analyst is dynamic, engaging, and challenging … read on to learn more!

___________________________________________________________________THE ROLE

Are you …

  • A bit of a generalist that can flex and shift as new priorities emerge?
  • Highly detail-oriented and an amazing communicator?
  • A team player and enjoy collaborating with cross-functional teams?
  • Experienced working in InfoSec?
  • Knowledgeable in the field of audit and regulatory compliance?
  • Energized working with a highly engaged team?
  • Inspired by staying up to date on the latest development in InfoSec?
  • Keen to work with a leading InfoSec tech start-up?

If you share our values and are looking for a rewarding career you can grow with, then this role may be for you!

We are looking for a dynamic individual who strives for order in the chaos, is motivated to learn continuously, and actively exhibits the pillars of our culture – communication, collaboration, trust, and fun. We value diversity and are committed to an inclusive, fair, and respectful workplace. We have created an open and welcoming environment that allows every crew member to bring their complete, authentic selves to work every day and provides opportunities to grow and reach their full potential. The role of the Risk and Compliance Analyst is to support Tugboat Logic’s Security Assurance Platform by creating new security content as well as supporting existing content concerning various security frameworks (such as SOC 2, ISO27001, PCI DSS, NIST CSF, HIPAA, GDPR, CCPA, etc.), helping customers by responding to security and privacy related questions required for the implementation of controls, assisting cross-teams with security expertise, and contributing to the ongoing improvement of the Tugboat Logic’s Security Assurance platform. This position relies heavily on your security and privacy background as well as sound and repeatable processes.



  • Create content (such as policies, controls, guidance, templates, etc.) for security frameworks
  • Improve and update content upon revision of frameworks or regulations (as applicable)
  • Updating content-related changes in the Tugboat Logic’s Security Assurance Platform
  • Provide support and guidance to customers on the management of security frameworks, control implementation, and guidance
  • Assist customers by responding to security and privacy-related questions
  • Responding to day-to-day requests from different teams on security and compliance-related issues/questions
  • Maintain up-to-date knowledge of the IT security industry
  • Regularly keep apprised of new/revised or improved security solutions, processes, and development of latest threats and attack vectors
  • Participate in internal user acceptance testing for new product releases and assist with QA efforts as needed
  • Maintain detailed knowledge of Tugboat Logic’s Security Assurance Platform
  • Participate in internal compliance as needed
  • Perform other duties as may be assigned by the CISO


  • 3+ years of experience in information security compliance/consulting/research across multiple companies and industries
  • Strong passion for and experience leading security and risk-based discussions with technical and business stakeholders
  • Amazing communication and writing skills
  • Detailed knowledge of security risks and compliance as well as technical understanding of IT security
  • Working or conceptual knowledge of security frameworks (such as SOC 2, ISO27001, PCI DSS, HIPAA, NIST CSF as well as privacy regulations)
  • Working knowledge within key IT controls and risk assessment concepts
  • Good understanding of audit and regulatory compliance (specifically knowledge of audit practices and methodologies)
  • High-level working knowledge of security solutions such as endpoint security, DLP, SIEM, NAC, vulnerability assessments, authentication, and encryption tools and what problems those solutions are designed to solve
  • Ability to multi-task and work on multiple assignments at the same time while managing priorities
  • CISSP, CISM, CISA, or equivalent information security certifications or experience is a value add for this role


  • Critical thinking skills to work through complex issues
  • Driven by collaboration and teamwork
  • Strong communication skills to be able to clearly explain their work to other parties
  • Willingness and desire for continuous learning
  • Demonstrated ability to adapt and grow
  • Attention to detail



  • A fun, fast-paced, and supportive work environment that respects everyone
  • An inclusive and collaborative working environment that encourages creativity, curiosity and celebrates success
  • Competitive compensation commensurate with your experience and skills
  • A full complement of benefits
  • Opportunities for career advancement
  • A remote work environment where you work remotely but don’t feel remote (offices may reopen after COVID)

Our expectations of this role are high, and we demand the best. In return, we provide a work environment that is professionally challenging, personally rewarding, and intellectually stimulating. Guided by strong leadership, we support the initiative, encourage ambition, recognize, and reward talent (monetary incentives and opportunities for advancement).

This position will stay open until a new crew member is brought onboard. We want to thank everyone for their application; however, only those considered for an interview will be contacted.

___________________________________________________________________Collection, use, and retention of personal information will be in accordance with Tugboat Logic, Inc.’s privacy policies and practices. By submitting your resume and personal data to Tugboat Logic, Inc., and participating in a personal interview, you acknowledge and consent to collecting, using, and disclosing your personal information by Tugboat Logic, Inc. to determine your suitability for employment opportunities.

Apply for this position

Allowed Type(s): .pdf, .doc, .docx