Job Description

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. 

Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce.

Our brand promise - Makes Work Life Better™- Reflects our commitment to employees, customers, partners and communities globally.

Position Description

Focus on identifying and addressing quantifiable technical cybersecurity risk across the product & technology ecosystem.
Responsible for the design and implementation of a comprehensive risk elimination plan for global technology systems.
Establish a well-defined inventory of product and technology risks; as well as developing key performance indicators that demonstrate progress.
Lead an enterprise-wide program that aims to aggressively update legacy ecosystems.
Develop, implement, and oversee a comprehensive risk improvement program for Dayforce product and technology.
Apply advanced knowledge of the entire product and application ecosystems including Software Development Lifecycle (SDLC), programming languages such as JAVA, Python; data management tools and processes including Service Now, Database technologies including SQL, Oracle and DB2; underpinning server and network infrastructure including cloud exposure on AWS and Azure; and associated cybersecurity defenses including firewalls, IPS, WAF, SIEM, CASB .
Lead a globally dispersed team of 5-10 professionals.  
Manage Penetration testing, vulnerability identification program, and third-party risk analysis process.
Manage cross functional relationships across the enterprise (e.g., Product team executives, Legal, HR).
Lead remediation programs for Government customers (e.g., ConMon). Address critical processes to ensure new risks are not introduced as the program evolves.
Ensure the infrastructure build process continually meet CIS standards. Reduce product and technology risk in a quantifiable way.
Establish quarterly reporting metrics and maintain constant reporting cycles with executive leadership.
Act as the subject matter expert for the program and spokesperson on new developments or significant advancements.
Develop, implement, and lead cross-functional initiatives to address the product and technology risk in an expedited fashion.
Lead the organization through discovery and change in real-time on regular house cleaning conference bridges.
Establish a program to create and maintain the enterprise’s product and technology architecture designs.
This includes current state and future state architectures that will be used as the baselines for mitigating risk.
Perform independent audit and/or cybersecurity assessments to balance the risk of change with the risk of no change; and make judgement calls to direct teams to move forward with aggressive change when required.
Prioritize the need for stronger cybersecurity over system stability at times (e.g., resolving issues at the risk of outages). Implement product and technology solutions that underpin the requirements outlined in these programs. Work to support organizational compliance with applicable policies and standards including NIST CSF, NIST 800-53, FAIR Model, ISO, CIS, OWASP. Position permits telecommuting from anywhere in the U.S. 

Requirements:

Bachelor’s degree in Information Technology, Computer Science or related technical field of study and 7 years of experience in cybersecurity or related or Master's in Information Technology, Computer Science or related technical field of study with 5 years of industry experience in cybersecurity or related.
Must possess 7 years with a Bachelor’s degree and 5 years with a Master’s degree with each of the following:
performing cybersecurity audits and/or assessments
security technologies including firewalls, IPS, WAF, SEIM, CASB
Operating systems including Microsoft, Unix/Linux and Mac OS
Database technologies including SQL, Oracle and DB2
Security vulnerability management tools
Cloud knowledge and experience including Azure, AWS environments
DevSecOps pipelines – Jenkins, GIT
Software Development Lifecycle
Governance, Risk and Compliance (GRC) concepts, processes and tools including ServiceNow, MetricStream
Programming experience – JAVA, Python
Experience with Data analytics tools and concepts – PowerBI
Must possess 3 years of experience with a Bachelor’s degree or 2 years with a Master’s degree with the following:
leading large global teams
managing relationships with business partners (e.g., HR, Legal) and executives (e.g., CISO, CTO)