Third Party Risk Manager Jobs in Alberta (NOW HIRING)

Doing business to business, person to person. Payworks is a leading workforce management solutions provider and multi-year winner of the Canada's Best Managed Companies program. We are proudly Canadian as well as committed to developing world-class products and providing a progressive workplace culture where Doing Right by People is our purpose.

With clients of all sizes and more than 600 employees, we currently have an exciting opportunity on our IT Security team for the right candidate. Because when it comes to great people, there's always room for one more.  

Reporting to the Senior Manager, Information Security, the Senior Information Security Analyst will be responsible for using an analytical thought process and sound judgment in executing daily analyst activities. Leveraging industry leading security technologies, this role is the first line of defense against information security threats. You will be responsible for identifying and immediately responding to such risks with a strong attention to detail and technical/investigative mindset. This will include the monitoring of Payworks IT infrastructure and associated alerts as well as responding to tickets and other requests from outside the Corporate Security Team.

• Monitor & respond - Provide second-level support to the Security Operations Centre (SOC) team. Respond to security-related incident tickets, events, and identified vulnerabilities in a timely manner to reduce organizational impact.
• Assess & mitigate risk - Identify and assess security risks to the organization and develop strategies to mitigate them. Stay current on emerging security trends, global events, AI and ML security developments, and apply this knowledge to enhance Payworks' security measures.
• Architect & control access - Ensure Payworks projects, assets, and infrastructure align with established security architectures and standards. Manage user access and permissions including role-based access control (RBAC), and regularly audit user accounts.
• Lead incident response - Develop and maintain incident response plans and coordinate investigations to mitigate security breaches. Oversee and participate in regular tabletop exercises with both the security department and other business departments.
• Deploy & manage security tools - Evaluate, deploy, and manage security technologies including firewalls, IDS/IPS, anti-malware, email security, web application firewalls, identity management, and EDR/XDR solutions.
• Audit & report - Conduct security audits to ensure compliance with SOC1, SOC2, ISO 27001, and NIST. Develop and update security policies and procedures. Prepare and present regular reports on the organization's security posture, incidents, and trends to management and stakeholders.
• Build security culture - Conduct and manage security awareness training for employees across the organization. Perform third-party risk assessments including managing and maintaining related tools and technology.  

• University or College degree in IT Security or a related field.
• 5+ years of experience in security operations roles, including security event triage, incident response, forensic analysis, and vulnerability management.
• Strong understanding of network communications, common protocols and services, and security implementation best practices.
• Solid grasp of security-by-design principles, security engineering and architecture.
• Excels at communicating complex security topics effectively to different audiences, including non-technical stakeholders.
• Strong analytical, organizational, and documentation skills.
• A team player who shares experience and technical knowledge with peers and across the organization.

  BONUS SKILL SET

• Experience with scripting tools or languages such as PowerShell or RegEx considered an asset.
• Cloud infrastructure and/or cloud security experience considered an asset.
• Knowledge of AI/ML security risks and governance frameworks, including experience assessing risks associated with AI system adoption such as data privacy concerns, model integrity threats, third-party AI dependencies, and compliance implications.
• Experience with any of the following vendors, tools or products considered an asset: LogRhythm, Tcpdump, Wireshark, Palo Alto Networks Firewalls, PaloAlto Cortex XDR, Cisco DUO, BeyondTrust, BitSight, OneTrust, Nessus, Synopsis WhiteHat DAST, Burp Suite, Rapid7, Proofpoint, Netscaler Web Application Firewalls.
• Certifications from SANS, ISC2, ISACA, Offensive Security, CompTIA, EC-Council, or CISCO considered an asset.