Information Security Compliance Associate

Case IQ is a leading B2B SaaS company in the governance, risk, and compliance (GRC) space, helping organizations build safer, more accountable workplaces. We offer a comprehensive suite of solutions that enable organizations to move from reactive approaches to proactive risk management. Our software helps teams across compliance, HR, legal, and investigations report, manage, investigate, and prevent workplace risk - including ethics violations, fraud, harassment, discrimination, security incidents, and third-party issues - so they can better protect their people, culture, and business.

Backed by over 25 years of domain expertise and trusted by Fortune 500 companies, Case IQ has supported the management of millions of cases and helped mitigate billions in financial and reputational risk.

Role Summary

We are looking for an Information Security Compliance Associate to support Case IQ's security, privacy, and compliance program under the direction of the Director of Information Security. This remote-first role is a strong fit for an early-career professional who is interested in information security, compliance, audit support, and documentation within a growing security program.

In this role, you will help maintain policies and compliance documentation, support customer and vendor security questionnaires, organize audit evidence, assist with security and compliance tools, and work cross-functionally with IT, Security, and internal stakeholders to support established security controls and processes.

While the role is remote, we are seeking candidates based in the Ottawa area.

What You'll Do

• Support the company’s security and compliance program under the direction of the Director of Information Security
• Maintain and update security, privacy, and compliance policies and documentation
• Assist with customer and vendor security questionnaires, including evidence collection
• Support internal and external audits by organizing evidence, tracking requests, and coordinating with internal teams
• Help manage and operate compliance and security tools (e.g., GRC platforms, monitoring tools)
• Track changes to security and regulatory requirements and flag potential impacts
• Partner with IT and Security teams to support systems for network, endpoint, and user controls (e.g., EDR, MDM)
• Respond to security and compliance inquiries from internal and external stakeholders

What Success Looks Like

• 30 Days: Complete onboarding, role-specific training, and required security/compliance expectations. Build context on Case IQ’s security program, compliance obligations, audit processes, DPA reviews, security awareness training, tools, documentation standards, and key internal stakeholders. Complete initial policy reviews and basic updates, audit support activities, and assigned questionnaires.
• 60 Days: Begin supporting more in-depth policy/documentation updates, evidence collection, questionnaire coordination, security awareness training development and audit request tracking with guidance from the Director of Information Security.
• 90 Days: Own defined recurring security and compliance support tasks with increasing independence, including policy maintenance, questionnaire management, evidence collection, DPA tracking and reviews, audit support, security awareness program administration, accurate documentation, and timely stakeholder follow-up.
• 6 Months: Contribute independently to smoother audit readiness, stronger documentation hygiene, security awareness program maturity, clearer tracking of security/compliance requests, and stronger cross-functional coordination.
• 1 Year: Operate as a trusted security and compliance partner who helps keep processes organized, documentation current, audits supported, training programs maintained, stakeholders informed, and compliance initiatives moving forward while supporting the growth of the security program.

Who You Are

• Foundational knowledge of information security and compliance concepts
• Experience editing or maintaining policies, procedures, or compliance documentation
• Exposure to audits, risk assessments, or security questionnaires
• General technical understanding of IT systems, endpoints, and networks
• Familiarity with endpoint or device management tools (e.g., CrowdStrike, MDM)
• Strong organizational skills and attention to detail
• Clear written and verbal communication skills
• Ability to work cross-functionally and follow established processes
• Exercise the highest level of discretion in the handling and protection of all data and sensitive information.

Assets (Nice to Have)

• Exposure to frameworks such as SOC 2, ISO 27001, GDPR, or NIST CSF.
• Familiarity with GRC or compliance automation tools.
• Entry-level security or compliance certifications.

Perks and Benefits

• Work remotely within a flexible work environment (our team spans 7 countries).
• Competitive company-paid benefits plan.
• Generous professional development budget.
• Half-day Fridays in the summer + weekly meeting-free time blocks.

Selected candidates will be contacted through BambooHR (please check your junk mail).

Case IQ is an equal opportunity employer. All qualified applicants are given consideration regardless of race, religion, color, gender, sex, age, sexual orientation, gender identity, national origin, marital status, citizenship status, disability, veteran status, or any other protected class as provided in applicable employment laws. If you have a disability or special need that requires accommodation, please contact us at hr@caseiq.com.