• Careers
  • Jobs
  • Vendor Risk Analyst - Security Governance, Risk & Compliance
Engineering

Vendor Risk Analyst - Security Governance, Risk & Compliance

Sydney – Full-time

We’re constantly working towards making Canva the best place to work, for everyone. We believe deeply that bringing together diversity of thoughts, perspectives and expression is key for building the best product for our equally diverse community all around the world. We celebrate uniqueness and whatever makes you, you and encourage everyone who wants to help us transform the way the world designs, to join us on this journey. We value all different types of experiences. If you don’t think you quite meet all of the qualifications, we’d still love to hear from you.  

About Us

At Canva, our mission is to democratise design and empower creativity for anyone and everyone, on every platform. Inspired by a team of talented thinkers, an amazing culture and a remarkable growth trajectory – we’re out to change the world, one design at a time. 

Since launch in August 2013, we have grown exponentially, amassing over 60 million monthly active users across 190 different countries who have created more than 6 Billion designs. We are one of the world’s fastest-growing technology companies and we have only achieved about 1% of what we want to do.

About the Vendor Risk Analyst

At Canva, we utilise a substantial catalogue of third-party products and services to support both our product and our operations. As a Vendor Risk Analyst, we will be looking to you to ensure that we work with our vendors in a manner that maintains the security of the information assets of Canva and its customers, while supporting the rapid growth of our operations. Working within Canva’s wider risk & compliance and security ecosystems, the right candidate will have the opportunity to grow their career as a risk professional in one of the most exciting technology companies in Australia.

The successful candidate will have the option of being based out of our Sydney office, or being fully remote within Australia.

About the Security Group

The Security Group is responsible for protecting Canva systems and data from information security threats. Our teams work together, and with other groups, to deliver preventive and detective controls and processes that reduce security risk. The group runs programs across Identity and Access Management, Application Security, Governance, Risk and Compliance, and Threat Detection and Response domains.  

Key Responsibilities

  • Working with staff from all around Canva to evaluate risk relating to new and existing vendors.
  • Liaising with Canva’s vendors to evaluate security postures.
  • Escalating identified risks to various stakeholders.
  • Identifying and implementing measures to improve our vendor risk management processes.
  • Collating data for management reporting

Required Experience

  • Familiarity with operational risk management and information security concepts.
  • Experience liaising with internal and external, technical and non-technical stakeholders.
  • Experience prioritising and progressing multiple simultaneous pieces of work.
  • Strong verbal and written communication skills.
  • A high level of attention to detail.
  • A continuous improvement mindset.

Beneficial experience (not required, but helpful)

  • Experience with Atlassian Jira, Confluence.
  • Familiarity with industry IT risk management and security certifications and standards (ISO 27001, SOC 2, PCI DSS).

Benefits & Total Rewards

  • Competitive salary, plus stock options via our ESOP plan
  • Flexible daily working hours, we value work-life balance
  • Breakfast and lunch prepared by our wonderful Vibe team
  • Onsite-Gym and Yoga Membership
  • End-of-Trip Facilities: Bicycle parking and showers
  • Vibe and Thrive Allowance to support health and wellness
  • Generous parental (including secondary) leave policy
  • Pet-friendly offices
  • Internal Coaching and Employee Support Programs
  • Sponsored social clubs, team events, and celebrations

Sorry, we will not accept CVs from recruitment agencies. Please apply directly to be eligible.

We make hiring decisions based on your experience, skills and passion. If you’re keen to apply and need reasonable adjustments or would like to note which pronouns you use at any point in the application or interview process, please let us know.