Security Analysis

1 month ago

Canada Shopify Full time
About the role

We're hiring for multiple roles across a range of teams in Security Analysis within Shopify's Trust organization. If any of the qualifications listed align with your skills and experience, we highly encourage you to apply

Within these teams you will collaborate with Engineers, Technical Program Managers, and cross-functional teams to help protect our merchants and our company while supporting Shopify's rapid pace of development. You will be an essential member of our group of security professionals and a key player in operating and refining security controls that support Shopify's programs, platforms, and products.

You'll be leveraging your expertise in technology and security, along with your knowledge of Shopify's products, applications and infrastructure, to understand and manage risk. You will be developing, performing, and improving technical controls that are foundational components of Shopify's security programs.

The roles that we're currently hiring are Technical Security Analysts among three teams: Identity and Access Management, Third Party Security, and Restricted Environment Assurance. To learn more about these teams and the kind of work that we do here, please continue reading.

Team descriptions and what you'll do:

Identity Access Management

This team ensures that employees are equipped with the right technology they need to securely do this work.

  • Analyze the impact of our current and future security controls within the identity and access management space
  • Automate and improve security workflows and tasks across the scope of our security programs
  • Provide operational security guidance to ensure programs are running effectively, efficiently and without gaps
  • Collaborate with cross functional teams and gather evidence for assessments, implementations, and use of new tools and workflows
  • Monitor Shopify's current technology stack and make recommendations to reduce security risk
  • Lead and contribute to projects that build out and harden security at Shopify
  • Utilize data and key metrics to understand Shopify's security program
  • Develop and share security best practices

Third Party Security

This team maintains the integrity and confidentiality of Shopify's systems and data by closely monitoring and assessing the security of our third party software, tools, and external user access to internal systems.

  • Building and operating the third party risk management program within the Trust organization.
  • Increasing automation and reducing toil in existing controls, and finding new ways to protect Shopify against emerging risks.
  • Assessing third parties such as tooling and external workers.
  • Working with cross-functional teams, including senior leadership, to evaluate and instantiate the third parties, and build controls that balance security with speed.
  • Regularly interact with individuals outside Shopify, such as tooling vendors and agency hires.

Restricted Environment Assurance

This team is responsible for maintaining SOX and PCI compliance for Shopify. It ensures the integrity and security of Shopify's systems and data by closely monitoring and assessing the in-scope systems, thereby maintaining compliance with Shopify's regulatory requirements.

  • Actively contributing to the management and execution of cyclical controls within the operational framework.
  • Collecting evidence and samples to support audit activities and ensure compliance with relevant standards.
  • Providing assistance for inquiries in the help channel, and escalating complex questions to appropriate team members when necessary.
  • Evaluating the PCI compliance status of partners to ensure they meet required security standards.
  • Supporting the development and implementation of new projects and initiatives, ensuring alignment with strategic goals.

Qualifications for the roles:

Identity Access Management

  • An understanding of information security fundamentals, privacy and compliance standards
  • Working with large corporate identity providers at scale
  • Effective communication skills, an ability to translate technology and leveraging data in storytelling
  • Writing SQL queries and building data dashboards
  • Ability to create and maintain trusted relationships across the organization
  • Recommending and writing access policies
  • Monitoring controls and security safeguards for frameworks
  • Passion for documenting strategy and approach
  • Demonstrated impact in performing assessments
  • Bonus experience
    • Experience with Google, Okta, Jamf, Slack, Freshworks, macOS, GitHub
    • Experience in technical program management
    • Ability to read and understand code
    • Basic knowledge of python or ruby

Third Party Security

  • An understanding of information security fundamentals, privacy and compliance standards.
  • An understanding of cloud technologies, containerized environments and infrastructure as code.
  • Experience building or maintaining controls and security safeguards for frameworks.
  • Ability to create and maintain trusted relationships.
  • Excellent communication skills, including technical breakdowns.
  • Demonstrated impact in performing assessments.
  • Bonus experience
    • Experience with Google, Okta, Jamf, Slack, Freshworks, macOS, GitHub
    • Familiarity with security and risk management frameworks (e.g. NIST, CVSS)
    • Experience in technical program management
    • Experience using automation to simplify security and IT practices.
    • Experience working with compliance teams or auditors and familiarity with compliance programs such as SOC, PCI, or SOX.

Restricted Environment Assurance

  • An understanding of information security fundamentals, privacy and compliance standards.
  • An understanding of cloud technologies, containerized environments and infrastructure as code.
  • Experience building or maintaining controls and security safeguards for frameworks.
  • Ability to create and maintain trusted relationships.
  • Excellent communication skills, including technical breakdowns.
  • Demonstrated impact in performing assessments.
  • Bonus experience
    • Experience working with compliance teams or auditors and familiarity with compliance programs such as SOC, PCI, or SOX.
    • Experience with Google, Okta, Jamf, Slack, Freshworks, macOS, GitHub and cloud infrastructure.
    • Experience using automation to simplify security and IT practices.

We know that applying for a new role takes a lot of work and we truly value your time. This posting will close on May 31st, 2024 at 11:00 PM EDT. We look forward to reviewing your application

  • Senior Security Data Scientist

    2 weeks ago

    Canada LZ Security & Service GmbH Full time

    Elastic is seeking a Senior Security Data Scientist to join their AI-driven Security Solutions team focusing on developing ML models to secure users against emerging threats. The role involves contributing to ML solutions, performing data analysis, and collaborating with various team members to maintain and improve ML models. Essential skills include...

  • Information Security Associate

    3 weeks ago

    Canada Wawanesa Insurance Full time

    **Date**:Apr 18, 2024 **Location**: Hybrid - Canada, CA **Company**:Wawanesa Insurance **Job ID**: 7974 **Working Business Language**: This role is considered a head-office role and will be required to communicate with internal stakeholders across Canada where the primary business language utilized is English_._ **Salary**: At Wawanesa, salary is only...

  • Engineer, Analysis/Systems Engineering

    2 weeks ago

    Canada Macdonald, Dettwiler And Associates Corporation Full time

    Serving the global from our Canadian headquarters and international offices, MDA is a key player in space missions and cutting-edge technology, leading in satellite systems and geo-intelligence innovations with a rich history of accomplishments over the past five decades.Are you ready to take your career to new heights in the ever-evolving space sector?...

  • Sr. IT Security Analyst

    1 month ago

    Canada Tundra Full time

    Senior IT Security Analyst – Security Governance and Risk Working within our Cybersecurity team, you will analyze security frameworks, assess risks, and implement measures to maintain regulatory compliance and mitigate potential threats of application and operations technology systems. As Senior Security Analyst you will: • Join a diverse team of...

  • Sr. IT Security Analyst

    1 month ago

    Canada Tundra Full time

    Senior IT Security Analyst – Security Governance and Risk Working within our Cybersecurity team, you will analyze security frameworks, assess risks, and implement measures to maintain regulatory compliance and mitigate potential threats of application and operations technology systems. As Senior Security Analyst you will: • Join a diverse team of...

  • Sr. IT Security Analyst

    1 month ago

    Canada Tundra Full time

    Senior IT Security Analyst – Security Governance and Risk Working within our Cybersecurity team, you will analyze security frameworks, assess risks, and implement measures to maintain regulatory compliance and mitigate potential threats of application and operations technology systems. As Senior Security Analyst you will: • Join a diverse team of...

  • Senior Security Analyst

    2 weeks ago

    Canada Cyderes Full time

    Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility...

  • Sr. IT Security Analyst

    2 weeks ago

    Canada Tundra Full time

    Senior IT Security Analyst – Security Governance and Risk Working within our Cybersecurity team, you will analyze security frameworks, assess risks, and implement measures to maintain regulatory compliance and mitigate potential threats of application and operations technology systems.As Senior Security Analyst you will: Join a diverse team of experienced...

  • Security Technician

    2 months ago

    Canada Fresche Solutions Full time

    As a Security Technician under the Senior Director of IT Solutions, you'll support cybersecurity efforts and monitor security tools safeguarding our assets and users. Your role involves risk management, incident response, and maintaining security systems. You'll analyze threats, assist in patching, and provide technical support to...

  • Security Analyst II

    2 weeks ago

    Canada Cyderes Full time

    Cyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility...

  • Business Analysis Job In CANADA

    2 weeks ago

    Canada timesjobs Full time

    Urgently hiring for Business Analysis Job In CANADASalary 35 to 95 Lacs pa (negotiable)Benefits- Meal, Medical, Accommodation, transportation by EmployerPartner with stakeholders across business units (ex: sales, finance, security, compliance) to develop analyses and documentation in a collaborative way, communicating effectively and efficiently with...

  • Business Analysis Job In CANADA

    1 month ago

    Canada timesjobs Full time

    Urgently hiring for Business Analysis Job In CANADASalary 35 to 95 Lacs pa (negotiable)Benefits- Meal, Medical, Accommodation, transportation by EmployerPartner with stakeholders across business units (ex: sales, finance, security, compliance) to develop analyses and documentation in a collaborative way, communicating effectively and efficiently with...

  • Business Analysis Job In CANADA

    1 month ago

    Canada timesjobs Full time

    Urgently hiring for Business Analysis Job In CANADASalary 35 to 95 Lacs pa (negotiable)Benefits- Meal, Medical, Accommodation, transportation by Employer Partner with stakeholders across business units (ex: sales, finance, security, compliance) to develop analyses and documentation in a collaborative way, communicating effectively and efficiently with...

  • Security Engineer

    2 weeks ago

    Canada CaseWare Full time

    About the Job: Caseware is the leading global software provider for CPAs, auditors, risk, and governance professionals, and has been a key player in the audit and accounting software industry for over 30 years. They are looking for an experienced Security Engineer to join their team and enhance their cybersecurity posture through automation strategies. If...

  • Security Consultant with Security Clearance

    2 weeks ago

    Canada General Dynamics Mission Systems, Inc. Full time

    At General Dynamics Mission Systems–Canada, our focus extends beyond engineering technology solutions—we are dedicated to cultivating careers. Our mission is to establish a workplace that thrives on diversity, where your beliefs, cultural background, experiences, and ideas are valued and contribute to our collective strength. Join a community where your...

  • Director, Finance, Planning and Analysis

    2 weeks ago

    Canada S&P Global, Inc. Full time

    13 The Role: Director, Global Infrastructure/Project Finance North America - S&P Global Ratings The team is dedicated to project financings, focusing on a wide range of infrastructure assets including toll roads, managed lanes, airports, social accommodation and contracted single-asset power. You will work closely with a number of highly experienced...

  • Information Security Analyst

    4 weeks ago

    Canada StackAdapt Full time

    StackAdapt is a self-serve advertising platform that specializes in multi-channel solutions including native, display, video, connected TV, audio, in-game, and digital out-of-home ads. We empower hundreds of digitally-focused companies to deliver outcomes and exceptional campaign performance everyday. StackAdapt was founded with a vision to be more than an...

  • SAP Security/grc

    3 weeks ago

    Canada Atlantis IT group Full time

    **JOB: SAP Security/GRC Consultant** **Location: Montreal, QC - Remote** Have worked on SAP S/4 HANA GRC for Implementation / Support Requirement Gathering Should have a good command over Roles and Authorization Management, Design and creation of Roles for an implementation Project. Experienced in Portal Security Management and other NetWeaver component...

  • Senior Software Engineer

    7 hours ago

    , , Canada Abnormal Security Corporation Full time

    At Abnormal Security, we are on a thrilling mission to safeguard the world's largest enterprises against a vast range of relentless email and collaboration application cyber security attacks. Our relentless pursuit involves crafting an exceptional suite of products that empowers customers to seamlessly visualize, expertly control, and fearlessly combat...

  • Security Operations Specialist

    1 month ago

    Canada Optable Technologies Inc. Full time

    **Location**: Montreal **Type**: Full-Time Optable - A World-Leading Privacy-Safe Advertising Technology Company **Key Responsibilities**: - Security Monitoring and Incident Response: - Monitor computer networks for security issues. - Investigate security breaches and other cybersecurity incidents. - Document security breaches and assess the damage they...