Company Description

IFS is a billion-dollar revenue company with 7000+ employees on all continents. Our leading AI technology is the backbone of our award-winning enterprise software solutions, enabling our customers to be their best when it really matters–at the Moment of Service™. Our commitment to internal AI adoption has allowed us to stay at the forefront of technological advancements, ensuring our colleagues can unlock their creativity and productivity, and our solutions are always cutting-edge.

At IFS, we’re flexible, we’re innovative, and we’re focused not only on how we can engage with our customers but on how we can make a real change and have a worldwide impact. We help solve some of society’s greatest challenges, fostering a better future through our agility, collaboration, and trust.

We celebrate diversity and understand our responsibility to reflect the diverse world we work in. We are committed to promoting an inclusive workforce that fully represents the many different cultures, backgrounds, and viewpoints of our customers, our partners, and our communities. As a truly international company serving people from around the globe, we realize that our success is tantamount to the respect we have for those different points of view.

By joining our team, you will have the opportunity to be part of a global, diverse environment; you will be joining a winning team with a commitment to sustainability; and a company where we get things done so that you can make a positive impact on the world.

We’re looking for innovative and original thinkers to work in an environment where you can #MakeYourMoment so that we can help others make theirs. With the power of our AI-driven solutions, we empower our team to change the status quo and make a real difference.

If you want to change the status quo, we’ll help you make your moment. Join Team Purple. Join IFS.

Job Description

Position Summary

The Senior Security Analyst – Information Security Governance plays a critical role in advancing and operating IFS’s Information Security Governance program. This role serves as a senior individual contributor and subject matter expert responsible for security frameworks, audits, trust programs, third‑party risk, cybersecurity risk management, and governance platforms.

This position partners closely with GRC, Security, R&D, Engineering, IT, Legal, Procurement, and Sales to ensure that security controls are defensible, auditable, scalable, and aligned with business objectives. The role is central to external assurance, customer trust, executive reporting, and enterprise risk transparency.

Key Responsibilities

Business Enablement & Trust Support

• Represent Information Security during RFPs, RFIs, customer security questionnaires, and due diligence activities.
• Provide ongoing Information Security support during customer audits, assessments, and evaluations.
• Maintain and continuously improve customer-facing trust artefacts, including Trust Centers, security documentation, and compliance attestations.

Compliance & Audit Management

• Act as a key Information Security stakeholder for SOC 2 and ISO/IEC 27001 assessments and ongoing renewals.
• Own the security evidence lifecycle, including documentation, testing artefacts, remediation tracking, and auditor engagement.
• Coordinate with internal stakeholders to ensure timely closure of audit findings and corrective actions.

Information Security Management System (ISMS)

• Lead Information Security governance activities related to policies, standards, control frameworks, and procedures.
• Produce, maintain, and evolve ISMS documentation to ensure alignment with regulatory, contractual, and business requirements.
• Support continuous improvement of the security governance program.

Trust, Risk, and Compliance Programs & Platforms

• Design, implement, integrate, and operate Trust Management, Compliance Automation, and Third‑Party Cyber Risk Management platforms.
• Maintain control mappings across regulatory frameworks, customer requirements, and internal security standards.
• Integrate governance platforms with enterprise systems (identity, cloud, endpoint, ticketing, GRC tools).
• Ensure platform data quality, scoring rationale, and audit defensibility for executives, customers, and regulators.

Third‑Party Risk Management (TPRM)

• Lead third‑party security posture assessments, including vendor onboarding, tiering, reassessments, and continuous monitoring.
• Partner with Procurement, Legal, and business owners to ensure vendor risks are understood, documented, and managed throughout the lifecycle.
• Support vendor remediation tracking and risk acceptance processes.

Cybersecurity Risk Management

• Lead the design and operation of the Cybersecurity Risk Management program, including:
  • Risk identification and analysis
  • Program and posture assessments
  • Exception handling and risk acceptance
  • Maintenance of the cybersecurity risk register
• Produce clear, executive-ready risk reporting and recommendations aligned to enterprise risk tolerance.

Metrics, Reporting & Executive Visibility

• Define, track, and report Information Security KPIs and KRIs.
• Support organizational reporting on security posture, trends, and program maturity.
• Provide clear, business-aligned insights suitable for senior leadership and board-level audiences.

Qualifications

Required Experience

• 5+ years of experience in Information Security Governance, GRC, Risk Management, Audit, or Compliance.
• Strong working knowledge of SOC 2, ISO/IEC 27001, and security control frameworks (e.g., NIST CSF, CIS Controls).
• Hands-on experience supporting third-party risk management and vendor security assessments.
• Experience operating or administering GRC, compliance automation, or trust platforms.
• Proven ability to communicate security and risk concepts clearly to technical and non-technical stakeholders.

Preferred Experience

• Experience with data protection, DLP, or AI security governance.
• Familiarity with cloud platforms such as Microsoft Azure and Amazon AWS from a governance, control, or risk perspective.
• Experience supporting customer-facing security engagements in SaaS or enterprise software environments.

Education & Certifications

• Bachelor’s degree in cybersecurity, information assurance, computer science, or related field (or equivalent experience).
• Certifications such as CISSP, CISM, CISA, CRISC, or equivalent are highly valued.
• Cloud or provider certifications (Azure, AWS) are considered an asset.

Additional Information

What We’re Offering

• Salary Range: $90,000 CAD - $110,000 CAD
• Variable Company Bonus Plan
• Permanent, Full-time
• Flexible paid time off, including sick and holiday
• Medical, dental, & vision insurance
• RRSP Company contribution
• Life insurance and disability benefits
• Tuition assistance
• Community involvement and volunteering events

We embrace flexibility and hybrid work opportunities to support diverse needs and lifestyles, while also valuing inclusive workplace experiences. By fostering a sense of community, we drive innovation, strengthen connections, and nurture belonging. Our commitment ensures you can work in a way that suits you best, while also engaging with colleagues to share ideas and build meaningful relationships.