Lead oversight efforts for Third Party Technology and Security practices across the enterprise
Establish and maintain a comprehensive oversight framework for third-party relationships and vendor risk management activities
Partner across teams and key stakeholders to drive security risk and governance initiatives and lead complex projects/programs
Identify and address complex security risks; recommend best practices and new approaches aligned with business priorities
Provide independent second-line oversight across the third-party lifecycle: planning, due diligence, contracting, onboarding, monitoring, change management, and exit
Review and challenge technology/security due diligence activities, vendor risk tiering/criticality, concentration and fourth‑party/chain risk determinations
Validate KRIs/KPIs and continuous-monitoring approaches; synthesize monthly/quarterly trends and themes
Lead targeted deep-dive and thematic reviews of high-risk or material vendors; document risk statements, opinions, and recommendations
Validate issue remediation and risk acceptances; escalate where residual risk exceeds appetite and track closure to completion
Prepare committee-ready reporting and dashboards; brief senior technology, security, and risk leaders on posture and emerging risks
Contribute to annual risk and maturity assessments, and policy/standard maintenance for third-party technology and security
Provide consultative guidance to first-line stakeholders while preserving independence and mentor team members
Requirements
5+ years relevant experience and a Bachelor’s degree, or any equivalent combination of education and experience
Minimum: 7+ years in technology risk, cybersecurity, or IT audit
4+ years directly focused on third‑party/vendor risk
Degree in a relevant discipline (cybersecurity, business, engineering, risk management, or computer science)
Advanced knowledge of third-party risk assessment frameworks, including Shared Assessments SIG, ISO 27001/27002, SOC 2 Type II
Demonstrated experience with vendor technology and security due diligence, criticality segmentation, and exit‑strategy planning
Experience with continuous attack-surface monitoring tools, vendor security rating platforms, and automated evidence collection for third-party attestation tracking
Knowledge of supply chain attacks, fourth‑party/chain risk, AI/ML vendor risks, vendor cybersecurity threats and vulnerabilities
Familiarity with industry control frameworks (NIST Cybersecurity Framework, ISO 27000 series) and global data privacy/security regulations
Strong analytical, consultative, investigative, adjudicative, and influencing skills
Exceptional verbal and written communication and analysis skills, including developing high-quality written analysis, strategy, or standards documents
Unquestionable professional and ethical integrity
Ability to learn quickly, prioritize work, and manage complex deliverables under deadlines
Benefits
Annual performance bonus (or other incentive compensation, as applicable)
Equity
Medical, dental, and vision benefits
Health and life insurance
Employee share options
Flexible work environment
Balanced hybrid work model: 3 days in the office, 2 days at your choice of either the PayPal office or your home workspace
Benefits to support financial, physical, and mental health