Senior Information Security Analyst

Doing business to business, person to person. Payworks is a leading workforce management solutions provider and multi-year winner of the Canada’s Best Managed Companies program. We are proudly Canadian as well as committed to developing world-class products and providing a progressive workplace culture where Doing Right by People is our purpose.

Reporting to the Senior Manager, Information Security, the Senior Information Security Analyst will be responsible for using an analytical thought process and sound judgment in executing daily analyst activities. Leveraging industry leading security technologies, this role is the first line of defense against information security threats. You will be responsible for identifying and immediately responding to such risks with a strong attention to detail and technical/investigative mindset.

This will include the monitoring of Payworks IT infrastructure and associated alerts as well as responding to tickets and other requests from outside the Corporate Security Team.

• Comprehensive employer paid benefits, including a Health Spending Account, for you and your family and excellent pension plan with employer contributions.
• Plenty of professional development opportunities.
• Community-minded culture – Receive two paid days per year to volunteer and lots of opportunity to “Pay it Forward”.
• Time and flexibility to meet your needs – Hybrid work model with flexible work options, plus 3 weeks vacation to start, flex time and parental leave benefits.
• Cool perks – Annual Lifestyle Spending Account, fun office environment and events, and more!

• Monitor & respond — Provide second-level support to the Security Operations Centre (SOC) team. Respond to security-related incident tickets, events, and identified vulnerabilities in a timely manner to reduce organizational impact.
• Assess & mitigate risk — Identify and assess security risks to the organization and develop strategies to mitigate them. Stay current on emerging security trends, global events, AI and ML security developments, and apply this knowledge to enhance Payworks’ security measures.
• Architect & control access — Ensure Payworks projects, assets, and infrastructure align with established security architectures and standards. Manage user access and permissions including role-based access control (RBAC), and regularly audit user accounts.
• Lead incident response — Develop and maintain incident response plans and coordinate investigations to mitigate security breaches. Oversee and participate in regular tabletop exercises with both the security department and other business departments.
• Deploy & manage security tools — Evaluate, deploy, and manage security technologies including firewalls, IDS/IPS, anti-malware, email security, web application firewalls, identity management, and EDR/XDR solutions.
• Audit & report — Conduct security audits to ensure compliance with SOC1, SOC2, ISO 27001, and NIST. Develop and update security policies and procedures. Prepare and present regular reports on the organization’s security posture, incidents, and trends to management and stakeholders.
• Build security culture — Conduct and manage security awareness training for employees across the organization. Perform third-party risk assessments including managing and maintaining related tools and technology.

• University or College degree in IT Security or a related field.
• 5+ years of experience in security operations roles, including security event triage, incident response, forensic analysis, and vulnerability management.
• Strong understanding of network communications, common protocols and services, and security implementation best practices.
• Solid grasp of security-by-design principles, security engineering and architecture.
• Excels at communicating complex security topics effectively to different audiences, including non-technical stakeholders.
• Strong analytical, organizational, and documentation skills.
• A team player who shares experience and technical knowledge with peers and across the organization.