Security Analyst Customer & Audit Compliance
Mississauga, ON, CA, L5N 0E1
Applications have closed
Description
Working in Purolator’s Security and Compliance team, the Customer and Audit Compliance Analyst is accountable for operating and helping to mature our cybersecurity – vendor risk management (CS-VRM) program, and is responsible for ensuring compliance with security guidelines and auditing requirements. You will work with a wide array of vendors and internal teams to manage vendor cybersecurity risk. You will have a great opportunity to shape and build our emerging CS-VRM program.
The work we do at Purolator impacts every Canadian. To work with us, you must be eligible to obtain a Reliability Security Clearance.
Responsibilities
- Understand and assess inherent and residual risk associated with vendors providing services to Purolator.
- Understand and bring security awareness to the product teams on applicable standards/policies.
- Manage CS-VRM service provider(s) performance.
- Assist Procurement and project teams with vendor contract negotiation.
- Identify and implement improvements to mature the CS-VRM program.
- Make recommendations to enhance the CS-VRM governance model (e.g. policies, processes, KPIs) as well as existing tools and solutions to keep up with industry standards.
- Report to management on CS-VRM risk levels.
- Work cooperatively with all stakeholders, internal and external.
Additional Responsibilities
- Experience with cyber security, controls testing, and presenting.
- Familiarity with service organization audit standards (e.g., SOC 2, PCI) and reports.
- Auditing or compliance experience with cloud services would be an asset.
- Ability to understand and interpret penetration test reports.
Education
- Undergraduate degree in computer science, business or equivalent.
- CISSP, CISA certifications and accreditations are all recommended.
Experience
- 1 to 3 years in an information security role.
- 1 to 3 years managing or interacting with vendors (service providers).
- Exceptional interpersonal skills and a proven ability to flourish in a fast-paced environment.
- Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
- Sharp analytic and problem-solving capabilities that go beyond strict technical expertise.
- Broad IT knowledge and strong level of familiarity with information security industry best practices.
- Previous CS-VRM experience preferred.