Role Description At arrivia, we don’t just facilitate world-class travel; we are redefining the intersection of technology and exploration. As we accelerate our investment in AI and next-gen IT infrastructure, we are looking for a Full Stack AI Engineer - Security to help lead the charge in protecting our global platforms. This role sits at the intersection of machine learning, cybersecurity, and full-stack engineering. You won't just be monitoring dashboards; you’ll be architecting intelligent defenses that keep our members and data safe from evolving digital threats. As a core member of our IT Operations team, you will: - Design, build, and deploy AI-driven systems that detect and neutralize fraud, abuse, and intrusion. - Apply anomaly detection, graph analysis, and NLP to real-world security challenges. What You’ll Do - Design & Architect: Implement AI/ML models to proactively respond to security threats like identity risk, malware, and insider anomalies. - System Reliability: Build and maintain robust pipelines for data ingestion, feature engineering, and model deployment within production systems. - Adversarial Research: Stay current on adversarial ML techniques and adapt our defenses to stay ahead of emerging risks. - Collaborative Impact: Partner with DevSecOps and Platform teams to embed AI protections directly into our core workflows. - Automate Response: Enhance incident response by providing AI-based insights and automated remediation strategies. Qualifications - Solid foundation in Python and frameworks like PyTorch, TensorFlow, or scikit-learn. - Comfortable navigating large-scale data systems (SQL/NoSQL) and MLOps practices. - 3–5 years of experience in cybersecurity, fraud detection, or trust & safety. - Deep understanding of threat modeling and secure model design. - 1–2 years of hands-on experience in AI technologies, specifically building systems that operate under strict latency and reliability constraints. - Ability to effectively balance the trade-offs between rigorous security, system performance, and a positive user experience. - Enjoy staying up-to-date with new AI frameworks (such as ISO/IEC 42001 or OWASP) and exploring the latest in time-series anomaly detection. Why arrivia? We are a powerhouse of travel innovation, combining decades of experience with a focus on agility. At arrivia, we: - Stay Curious - Keep it Real - Win Together We offer a remote-friendly, inclusive environment where your work directly impacts how millions of people experience the world. If you are ready to apply your AI and security expertise to a global mission, we’d love to hear from you. Apply today and help us take charge of change.

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. Location: Work is what you do, not where you go. For this role, we are open to remote work and can hire anywhere in the United States. Citizenship Requirement for US Candidates: - Must be a US citizen About the opportunity The Cybersecurity Program Manager is responsible for overseeing the third-party risk management (TPRM) program, ensuring that key stakeholders are effectively executing their risk assessment and mitigation responsibilities. This role involves coordinating with cross-functional teams to establish program standards, monitor compliance with TPRM policies, and provide oversight to ensure that third-party risks are managed in alignment with company policies and regulatory requirements. The ideal candidate has a strong background in program management, third-party risk, and experience working with diverse stakeholder groups in a governance or oversight role. What you'll get to do Program Development & Governance - Lead the design, implementation, and maintenance of the third-party risk management framework, aligning it with industry standards, regulatory requirements, and company policies. - Establish and update policies, procedures, and controls to ensure consistency and effectiveness across all TPRM activities. - Define, implement, and monitor key performance indicators (KPIs) and metrics to evaluate the effectiveness of the TPRM program, using data to drive continuous improvement. Program Oversight & Governance - Oversee the TPRM program framework, ensuring it aligns with company policies, industry standards, and regulatory requirements. - Develop and implement program standards, templates, and tools to support consistent risk assessment and mitigation across departments. - Monitor key performance indicators (KPIs) for the TPRM program, tracking the effectiveness of risk management activities and identifying areas for improvement. Stakeholder Coordination & Support - Act as the primary point of contact for TPRM program stakeholders, including representatives from Legal, Compliance, Procurement, IT Security, and Finance, to ensure effective execution of third-party risk activities. - Facilitate regular meetings and working groups with stakeholders to discuss program updates, address challenges, and ensure alignment on TPRM objectives. - Provide guidance and support to stakeholders on the use of TPRM tools, templates, and best practices to streamline risk management efforts. - Support internal and external audits by maintaining accurate documentation of TPRM activities, findings, and remediation plans. - Identify and assess emerging risks within the third-party ecosystem, adapting TPRM strategies as needed to address changes in the regulatory landscape. Monitoring & Reporting - Develop and maintain TPRM dashboards and reports that provide insights into program performance, including status updates, compliance levels, and risk assessment completion rates. - Create and present regular reports on TPRM program status to senior management, highlighting areas of progress, gaps, and recommendations for improvement. - Monitor stakeholder compliance with TPRM policies and timelines, ensuring timely completion of third-party risk assessments and required follow-ups. Policy Development & Continuous Improvement - Support the creation, maintenance, and periodic review of TPRM policies, ensuring they remain current with industry standards and regulatory expectations. - Identify and implement continuous improvement initiatives to enhance TPRM processes, increase program efficiency, and reduce risk exposure. - Collaborate with internal audit and compliance teams to support audits of the TPRM program and address any identified gaps or findings. Training & Awareness - Develop and deliver training sessions to educate stakeholders on TPRM policies, procedures, and best practices. - Create awareness materials and resources to ensure all relevant departments understand their roles and responsibilities within the TPRM program. - Maintain documentation of training sessions and attendance, ensuring records are up-to-date for audit and compliance purposes. Stakeholder Management & Influencing - Collaborate with key stakeholders across Legal, Compliance, IT Security, Procurement, and Finance to ensure alignment on third-party risk management objectives. - Act as a trusted advisor to stakeholders, providing expertise and insights on TPRM program requirements and best practices. - Influence stakeholders to adopt program improvements and ensure adherence to established risk management processes. Skills and experience we value - Bachelor’s degree in Business, Risk Management, Supply Chain, or a related field - Relevant certifications in risk management or third-party risk (e.g., Certified Third Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), or Certified Risk Manager (CRM)) are a plus - 5+ years of experience in risk management, compliance, or program management, preferably with experience in third-party risk management - Strong program management skills, with a proven track record of overseeing large-scale programs and driving stakeholder engagement - Familiarity with third-party risk management frameworks, regulatory requirements, and industry best practices - Proficiency in risk management tools and reporting platforms, with strong analytical skills to track and report on program metrics What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote

• Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities • Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness • Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies • Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews • Document and maintain evidence supporting control implementation and compliance • Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress • Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies • Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce. Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. Location: Work is what you do, not where you go. For this role, we are open to remote work and can hire anywhere in the United States. Citizenship Requirement for US Candidates: - Must be a US citizen About the opportunity The Cybersecurity Program Manager is responsible for overseeing the third-party risk management (TPRM) program, ensuring that key stakeholders are effectively executing their risk assessment and mitigation responsibilities. This role involves coordinating with cross-functional teams to establish program standards, monitor compliance with TPRM policies, and provide oversight to ensure that third-party risks are managed in alignment with company policies and regulatory requirements. The ideal candidate has a strong background in program management, third-party risk, and experience working with diverse stakeholder groups in a governance or oversight role. What you'll get to do Program Development & Governance - Lead the design, implementation, and maintenance of the third-party risk management framework, aligning it with industry standards, regulatory requirements, and company policies. - Establish and update policies, procedures, and controls to ensure consistency and effectiveness across all TPRM activities. - Define, implement, and monitor key performance indicators (KPIs) and metrics to evaluate the effectiveness of the TPRM program, using data to drive continuous improvement. Program Oversight & Governance - Oversee the TPRM program framework, ensuring it aligns with company policies, industry standards, and regulatory requirements. - Develop and implement program standards, templates, and tools to support consistent risk assessment and mitigation across departments. - Monitor key performance indicators (KPIs) for the TPRM program, tracking the effectiveness of risk management activities and identifying areas for improvement. Stakeholder Coordination & Support - Act as the primary point of contact for TPRM program stakeholders, including representatives from Legal, Compliance, Procurement, IT Security, and Finance, to ensure effective execution of third-party risk activities. - Facilitate regular meetings and working groups with stakeholders to discuss program updates, address challenges, and ensure alignment on TPRM objectives. - Provide guidance and support to stakeholders on the use of TPRM tools, templates, and best practices to streamline risk management efforts. - Support internal and external audits by maintaining accurate documentation of TPRM activities, findings, and remediation plans. - Identify and assess emerging risks within the third-party ecosystem, adapting TPRM strategies as needed to address changes in the regulatory landscape. Monitoring & Reporting - Develop and maintain TPRM dashboards and reports that provide insights into program performance, including status updates, compliance levels, and risk assessment completion rates. - Create and present regular reports on TPRM program status to senior management, highlighting areas of progress, gaps, and recommendations for improvement. - Monitor stakeholder compliance with TPRM policies and timelines, ensuring timely completion of third-party risk assessments and required follow-ups. Policy Development & Continuous Improvement - Support the creation, maintenance, and periodic review of TPRM policies, ensuring they remain current with industry standards and regulatory expectations. - Identify and implement continuous improvement initiatives to enhance TPRM processes, increase program efficiency, and reduce risk exposure. - Collaborate with internal audit and compliance teams to support audits of the TPRM program and address any identified gaps or findings. Training & Awareness - Develop and deliver training sessions to educate stakeholders on TPRM policies, procedures, and best practices. - Create awareness materials and resources to ensure all relevant departments understand their roles and responsibilities within the TPRM program. - Maintain documentation of training sessions and attendance, ensuring records are up-to-date for audit and compliance purposes. Stakeholder Management & Influencing - Collaborate with key stakeholders across Legal, Compliance, IT Security, Procurement, and Finance to ensure alignment on third-party risk management objectives. - Act as a trusted advisor to stakeholders, providing expertise and insights on TPRM program requirements and best practices. - Influence stakeholders to adopt program improvements and ensure adherence to established risk management processes. Skills and experience we value - Bachelor’s degree in Business, Risk Management, Supply Chain, or a related field - Relevant certifications in risk management or third-party risk (e.g., Certified Third Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), or Certified Risk Manager (CRM)) are a plus - 5+ years of experience in risk management, compliance, or program management, preferably with experience in third-party risk management - Strong program management skills, with a proven track record of overseeing large-scale programs and driving stakeholder engagement - Familiarity with third-party risk management frameworks, regulatory requirements, and industry best practices - Proficiency in risk management tools and reporting platforms, with strong analytical skills to track and report on program metrics What’s in it for you Dayforce is fueled by the diversity of our talented employees. We are an equal opportunity employer and consider and embrace ALL individuals and what makes them unique. We believe our employees should be happy and healthy, with peace of mind and a sense of fulfillment. We encourage individuals to apply based on their passions. Dayforce encourages personal and professional growth. We offer excellent time away from work programs, comprehensive wellness initiatives and recognition through competitive pay and benefits. With a commitment to community impact, including volunteer days and our charity, Dayforce Cares we provide opportunities for you to thrive both in your career and personal life. Our focus is not just on your job but on supporting you to be the best version of yourself. About the Salary Ranges Please note that the salary range mentioned in this job description should serve simply as a guide. The final compensation offered may vary based on a variety of factors, including bonuses and/or incentives, or a candidate’s experience, skills, budget and location. Our company is committed to providing a fair, equitable, and competitive package that reflects the value an individual brings to the organization. Fraudulent Recruiting Beware of fraudulent recruiting. Legitimate Dayforce contacts will use an @dayforce.com email address. We do not request money, checks, equipment orders, or sensitive personal data during the recruitment process. If you have been asked for any of the above, or believe you have been contacted by someone posing as a Dayforce employee, please refer to our fraudulent recruiting statement found here: https://www.dayforce.com/be-aware-of-recruiting-fraud Dayforce actively monitors all job applications to ensure authenticity. Submissions determined to be fraudulent or misleading will be declined from the recruitment process #LI-Remote