Enterprise Risk Analyst
Mississauga, ON, CA, L5N 0E1
Purolator
It’s not a package. It’s a promise®.
As Canada’s leading integrated freight, package, and logistics provider, we’ve been helping promises get where they need to be for more than 60 years. How does the magic happen? The journey starts with you. The places we go, the elements we brave, the promises we deliver – it’s all possible because of our people. So, whether you’re looking to build new skills, make an impact in your community, or inspire your team, we go there for you.
Description
The Enterprise Risk Analyst is responsible for identifying, assessing, and helping application teams mitigate security vulnerabilities within the organization's IT environment. This role involves managing internal compliance with security policies and assessments, implementing industry best practices, coordinating penetration tests with third party vendors, and the remediation process for vulnerabilities.
The successful candidate will collaborate with cross-functional teams to integrate security measures into IT operations and development processes, ensuring findings are addressed promptly and effectively to maintain the security and integrity of the company's systems and data. Success in this role will be dependent upon a mix of technical knowledge as well as interpersonal skills.
Responsibilities
Risk Assessment and Governance:
- Perform risk assessments and threat modeling for IT systems and applications.
- Assist in the development and management of IT Security policies, procedures, and documentation.
- Lead risk assessments on third party technologies and identify areas of concern.
Certification and Penetration Testing:
- Facilitate penetration tests by coordinating with relevant teams and third-party vendors.
- Assess penetration test findings, prioritize vulnerabilities, and manage them through remediation to closure.
Monitoring and Reporting:
- Create detailed vulnerability management reports and dashboards to communicate risks and remediation progress to stakeholders.
- Monitor and track the status of vulnerability remediation efforts.
- Provide recommendations for improving security posture and reducing risk.
- Stay up to date with the latest security threats, vulnerabilities, and mitigation techniques.
Collaboration and Training:
- Partner with product teams to integrate security into the Software Development Lifecycle (SDLC) and promote secure DevSecOps coding practices.
- Understand cloud environments to make recommendations on best practices and identify areas for improvement.
- Conduct security awareness training for technical teams to improve secure coding and system hardening practices.
Tool and Process Optimization:
- Manage and optimize vulnerability management tools and technologies, such as ServiceNow GRC, to enhance effectiveness and efficiency.
- Research and recommend new tools or methodologies, including the utilization of AI, to improve the organization’s vulnerability management process.
Education
Academic:
- Bachelor’s degree in Computer Science, Information Security, equivalent education or work-related experience.
Certifications (Preferred):
- Relevant certifications such as CISSP, CEH, or CompTIA Security+ or equivalent are a plus.
Experience
- 3-5 years of experience in IT security, with a focus on vulnerability management, risk assessment, risk remediation, and collaboration with cross-functional teams to mitigate risks effectively.
- Leading the implementation of controls for industry best practices and regulatory standards, such as PCI DSS, SOC 2, and leading audit readiness.
- IAM technologies (e.g., AWS IAM, Okta, Azure AD) and entitlements management.
Technical Knowledge:
- Hands-on experience with GRC tools (e.g. ServiceNow GRC) including a strong understanding of common security vulnerabilities, their business impact and mitigation techniques.
- Familiarity with security frameworks and standards (e.g. NIST, ISO 27001, OWASP Top 10) and their practical application.
- Exposure to network security technologies (e.g. firewalls, VPNs, endpoint detection and response (EDR)) and their role in comprehensive vulnerability management.
- Understanding IAM technologies (e.g., AWS IAM, Okta, Azure AD), role-based access controls, segregation of duties, and entitlement management.
- Knowledge of vulnerability management processes.
Skills:
- Advanced analytical and problem-solving abilities, with a demonstrated ability to prioritize and address vulnerabilities in dynamic environments.
- Strong interpersonal and communication skills for interacting with both technical and non-technical stakeholders effectively.
- Strong organizational skills to manage multiple projects, meet deadlines, and manage competing priorities.
- Ability to articulate technical findings in a business context to enable informed decision-making at all organizational levels.
- Skilled at delivering clear, concise presentations to executives, focusing on key insights without getting lost in unnecessary detail.
- Demonstrates strong collaboration skills while also excelling in independent work.
Nice to Have
- Knowledge of SDLC processes and tools such as SonarCloud or Snyk.
- Experience creating and running a security awareness program.
- Ability to generate reports and work with Power BI.
POSTING DETAILS
Location: 530 - Corporate
Working Conditions: Office Environment
Reports to: Technology Manager Security Risk and Compliance
---
Purolator is an equal opportunity employer committed to diversity and inclusion. We consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, Aboriginal/Indigenous status or any other factors considered discriminatory. If you require an accommodation during the recruitment process, we will work with you to meet your needs.
We recognize that our employees and their families are key stakeholders. We will only be successful as a business if we provide our employees with a safe and healthy workplace and we have the right people in the right roles with the support they need to succeed. We hire for attitude and train for skills. To learn more about us and our values, go to www.purolator.com.
At Purolator, every day is an opportunity for our employees to connect with one another and with our customers to help make a positive impact in the communities where we live, work and play.