Security Analyst Customer & Audit Compliance

Description

Working in Purolator’s Security and Compliance team, the Customer and Audit Compliance Analyst is accountable to operate and help mature our cybersecurity – vendor risk management (CS-VRM) program as well as be responsible for ensuring compliance to security guidelines and auditing requirements. You will work with a wide array of vendors and internal teams to manage vendor cybersecurity risk. You will have a great opportunity to shape and build our emerging CS-VRM program.

The work we do at Purolator impacts every Canadian. To work with us, you must be eligible to obtain a Reliability Security Clearance.

Responsibilities

• Understand and assess inherent and residual risk associated with vendors providing services to Purolator.
• Understand and bring security awareness to the product teams on applicable standards/policies.
• Manage CS-VRM service provider(s) performance.
• Assist Procurement and project teams with vendor contract negotiation.
• Identify and implement improvements to mature the CS-VRM program.
• Make recommendations to enhance the CS-VRM governance model (e.g. policies, processes, KPIs) as well as existing tolls and solutions to keep up with industry standards.
• Report to management on CS-VRM risk levels.
• Work cooperatively with all stakeholders, internal and external.

Additional Responsibilities

• Experience with cyber security, controls testing, and presenting.
• Familiarity with service organization audit standards (e.g., SOC 2, PCI) and reports.
• Auditing or compliance experience with cloud services would be an asset.
• Ability to understand and interpret penetration test reports.

Education

• Undergraduate degree in computer science, business or equivalent.
• CISSP, CISA certifications and accreditations are all recommended.

Experience

• 1 to 3 years in an information security role.
• 1 to 3 years managing or interacting with vendors (service providers).
• Exceptional interpersonal skills and proven to flourish working in a fast-paced environment.
• Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
• Sharp analytic and problem-solving capabilities that go beyond strict technical expertise.
• Broad IT knowledge and strong level of familiarity with information security industry best practices.
• Previous CS-VRM experience preferred.