Security Analyst Customer & Audit Compliance Job Details | Purolator

Working in Purolator’s Security and Compliance team, the Customer and Audit Compliance Analyst is accountable to operate and help mature our cybersecurity - vendor risk management (CS-VRM) program as well as be responsible for ensuring compliance to security guidelines and auditing requirements. You will work with a wide array of vendors and internal teams to manage vendor cybersecurity risk. You will facilitate multiple penetration testing across the teams. As well as participate and lead external and internal audits of the IT Controls.

The work we do at Purolator impacts every Canadian. To work with us, you must be eligible to obtain a Reliability Security Clearance.

• Understand and assess inherent and residual risk associated with vendors providing services to Purolator.
• Understand and bring security awareness to the product teams on applicable standards/policies.
• Manage CS-VRM service provider(s) performance.
• Assist project teams with risk assessments and facilitating penetration testing. Help project teams identify vulnerabilities and work with them to remediate.
• Identify and implement improvements to mature the CS-VRM program.
• Make recommendations to enhance the CS-VRM governance model (e.g. policies, processes, KPIs) as well as existing tolls and solutions to keep up with industry standards.
• Report to management on various risk levels.
• Work cooperatively with all stakeholders, internal and external.

• Experience with cyber security, controls testing, and presenting.
• Familiarity with service organization audit standards (e.g., SOC 2, PCI) and reports.
• Ability to understand and interpret penetration test reports.
• Auditing or compliance experience with cloud services would be an asset.

• Undergraduate degree in computer science, business or equivalent.
• CISSP, CISA certifications and accreditations are all recommended.

• 1 to 3 years in an information security role.
• 1 to 3 years managing or interacting with vendors (service providers).
• Exceptional interpersonal skills and proven to flourish working in a fast-paced environment.
• Ability to work effectively in a cross-disciplinary team, across multiple projects and multiple locations.
• Sharp analytic and problem-solving capabilities that go beyond strict technical expertise.
• Broad IT knowledge and strong level of familiarity with information security industry best practices.
• Previous CS-VRM/Penetration testing experience preferred.