Cybersecurity Administrator

Title: Cybersecurity Administrator

Location: Remote - Canada or USA

Reports to: Cybersecurity Governance Manager

Vacancy: New

The Role:

The Cybersecurity Administrator serves as the primary deputy to the Cybersecurity Governance Manager, providing essential operational support across the organization's security governance and compliance activities. This is an excellent entry-level opportunity for a motivated individual looking to build a broad foundation in enterprise information security, compliance, and risk management.

The successful candidate will assist in executing and coordinating day-to-day security program activities, with direct ownership of key workstreams including vendor risk management, audit coordination, security questionnaire responses, and vulnerability tracking.

The Impact You Will Have in This Role:

This role offers broad exposure across the full spectrum of enterprise information security operations. You will work directly with the Cybersecurity Governance Manager and gain hands-on experience in:

• Enterprise security governance.

• Global compliance frameworks (SOC 2, TISAX, ISO 27001).

• Risk management methodology and practical application.

• Cross-functional stakeholder collaboration across Engineering, Legal, Finance, and Operations.

• Audit management and external auditor relations.

• Career development toward roles such as Security Analyst, GRC Analyst, Security Compliance and Risk Manager.

What You'll Be Doing in This Role:

• Manage inbound security questionnaires/RFIs and coordinate inputs across IT, Legal, Engineering, and other stakeholders.

• Maintain and continuously improve a centralized library of standardized, policy-aligned security responses.

• Track questionnaire/RFI status, deadlines, and follow-ups to ensure accurate, on-time delivery.

• Support the end-to-end third-party vendor risk lifecycle, including onboarding, periodic reviews, and offboarding.

• Conduct vendor security risk assessments using established frameworks and questionnaires (e.g., SIG, CAIQ, custom templates).

• Maintain the vendor risk register, including risk ratings, evidence requests, remediation actions, and review schedules; escalate high-risk findings.

• Coordinate audit readiness activities (e.g., SOC 2 Type II, TISAX, internal audits), including continuous evidence collection and audit calendars.

• Serve as a point of contact during audit fieldwork by scheduling walkthroughs, gathering artifacts, and tracking auditor requests.

• Track audit findings and management responses and follow remediation commitments through closure; help update control narratives, policies, and procedures.

• Monitor and track vulnerabilities (scans, penetration tests, threat intel), maintain the vulnerability register, drive follow-ups, and produce status reporting.

Qualifications of this Role:

• Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field - or equivalent practical experience.

• 1-2 years of experience in information security, IT compliance, risk management, or a related discipline.

• Familiarity with common compliance frameworks and standards such as SOC 2, ISO 27001, TISAX, NIST, or similar

• Strong organizational skills with the ability to manage multiple workstreams, deadlines, and stakeholders simultaneously.

• Excellent written and verbal communication skills - able to translate technical concepts for non-technical audiences.

• Detail-oriented with a structured, process-driven approach to work.

• Proficiency in standard productivity tools (Microsoft 365, Google Workspace) and experience with spreadsheets and tracking tools

• Entry-level security certification or active pursuit thereof: CompTIA Security+, CC (ISC), or equivalent.

• Understanding of cloud security concepts (AWS, Azure, or GCP environments).

• Understanding / Experience supporting external audits or regulatory examinations.

The Hiring Manager says:

Corporate Information Security is a critical team responsible for protecting the organization and establishing security policies and processes. I'm looking for a candidate who is proactive and self-directed, taking ownership of tasks and following through without constant prompting. They are collaborative, working effectively across teams and building positive relationships with internal and external stakeholders. They are intellectually curious and eager to learn security concepts, emerging threats, and evolving regulatory requirements. They are analytical, able to assess vendor risk findings, vulnerability data, and audit evidence with reasonable judgment. They are discreet and trustworthy, handling sensitive security and business information with appropriate confidentiality, and adaptable, comfortable managing competing priorities in a dynamic, fast-paced environment.

This position has a starting salary range of$55K - $65K CAD/USD per year. This is the range we reasonably and in good faith expect to pay for the role at the time of posting. An employee's pay within the range is determined by a number of factors, including relevant skills, education, qualifications, experience, performance, business or organizational needs, and geographic location.

Our Values
We POWER Our Customer's Success

We are Innovative, Collaborative and Grounded and in Data

We Make Things Easy

We Get It Done

We Start with Trust & Prove it Everyday

JD Power is committed to employing a diverse workforce. Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, veteran status, or disability.

Should you require accommodationsduring the recruitment and selection process, please reach out to tarecruitment@jdpa.com.

JD Power does not disclose your personal data to unauthorized third parties. However, as a global corporation consisting of multiple affiliated companies in various countries, JD Power has international sites and JD Power uses resources located throughout the world. JD Power may from time to time also use third parties to act on JD Power's behalf. You agree to the fact that to the extent necessary your personal data may be transferred and/or disclosed to any company within JD Power group of companies as well as to third parties acting on JD Power's behalf, including also transfers to servers and databases outside the country where you provided JD Power with your personal data. Such transfers may include for example transfers and/or disclosures outside the European Economic Area and in the United States of America. If you are a California or United Kingdom resident, additional disclosures about the information we collect and how we use that information can be found by clicking here.

To all recruitment agencies: JD Power does not accept unsolicited agency resumes and we are not responsible for any fees related to unsolicited resumes.