Security Risk and Vulnerability Analyst Job Details | Purolator

As Canada’s leading integrated freight, package, and logistics provider, we’ve been helping promises get where they need to be for more than 60 years. How does the magic happen? The journey starts with you. The places we go, the elements we brave, the promises we deliver - it’s all possible because of our people. So, whether you’re looking to build new skills, make an impact in your community, or inspire your team, we go there for you.

The Security Analyst will be part of the evolution of the analyst community and will be expected to have enterprise understanding and impact assessment rather than only line of business specific. This critical role oversees the end-to-end vulnerability management lifecycle and ensures compliance with security policies and industry best practices. This role will ensure direct communication with clients, managers, and leadership, on stages of projects alongside keeping the audience informed. As part of our dynamic team you will collaborate across departments to embed security into IT operations and development while maintaining the integrity of our systems and data.

Vulnerability Management:

• Perform regular vulnerability scans and assessments using tools like Qualys and Nessus.
• Analyze vulnerabilities to determine business impact and prioritize remediation efforts.
• Partner with IT, DevOps, and application teams to remediate vulnerabilities through patch management and configuration updates.

Risk Governance:

• Conduct risk assessments and threat modeling for IT systems and applications.
• Develop and maintain vulnerability management policies, procedures, and documentation.

Monitoring and Reporting:

• Create detailed dashboards and reports to track vulnerability status and communicate risks to stakeholders.
• Provide actionable recommendations to improve security posture.
• Stay informed about emerging threats, vulnerabilities, and mitigation techniques.

Collaboration and Training:

• Work with development teams to integrate security into the Software Development Lifecycle (SDLC).
• Promote secure DevSecOps practices and conduct security awareness training for technical teams.

Testing and Certification:

• Coordinate penetration tests with internal teams and third-party vendors.
• Manage findings from penetration tests, ensuring vulnerabilities are remediated effectively.

Tool and Process Optimization:

• Manage vulnerability management tools and recommend new technologies, including AI-driven solutions.
• Leverage platforms like ServiceNow GRC to enhance tracking and remediation workflows.

• Requires a bachelor's degree in commerce, computer science, management engineering, or data science specialty.
• Relevant certifications (e.g., CISSP, CEH, CompTIA Security+) are highly desirable.

• 3-5 years of experience in the field or a related area.
• Specialized courses or certificates from the Big Data/Data management program.
• Familiarity with frameworks like NIST, OWASP Top 10, and ISO 27001.
• Understanding of network security technologies (e.g., firewalls, VPNs, EDR).
• Strong analytical and problem-solving abilities in dynamic environments.
• Excellent communication skills for engaging technical and non-technical stakeholders.
• Exceptional organizational skills to manage competing priorities and meet deadlines.
• Proficiency with GRC tools (e.g., ServiceNow GRC) and vulnerability management platforms.
• A certificate in Quality/Business Analysis is an asset.
• Lean Six Sigma knowledge and experience is an asset.
• Has hands-on experience with data preparation, statistical analysis, diagnostics, data analysis, and insights generation.
• Experience with PowerBI reporting.
• Experience working with OKTA.
• Ability to demonstrate collaboration, and a sense of analyst community among their peers and help contribute to the culture of the organization.
• Excellent written/ verbal communication.

POSTING DETAILS
Location: 530 - Corporate
Working Conditions: Office Environment

Reports to: Technology Manager Security Risk and Compliance
---

Purolator is an equal opportunity employer committed to diversity and inclusion. We consider all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, Aboriginal/Indigenous status or any other factors considered discriminatory. If you require an accommodation during the recruitment process, we will work with you to meet your needs.

We recognize that our employees and their families are key stakeholders. We will only be successful as a business if we provide our employees with a safe and healthy workplace and we have the right people in the right roles with the support they need to succeed. We hire for attitude and train for skills. To learn more about us and our values, go to www.purolator.com.

At Purolator, every day is an opportunity for our employees to connect with one another and with our customers to help make a positive impact in the communities where we live, work and play.