Senior Cybersecurity Advisor providing support to threat and vulnerability analysts at Exposant 3 in a hybrid work model. Collaborating on incident responses and vulnerability management in a dynamic team.
About the role
- Systems and Data Security Manager at Mod Op overseeing IT security operations and compliance. Managing SOC 2 Type II compliance and cloud security across systems and environments.
Responsibilities
- Manage day-to-day operation of an established SOC 2 Type II control environment
- Own continuous evidence collection, documentation, and audit readiness
- Coordinate third-party assessments, including penetration testing, and track remediation through completion
- Maintain security policies, procedures, and control documentation as systems change
- Work directly with auditors, Development, and the compliance-focused IT team to support audits and close findings
- Create, assign, audit, and revoke IAM roles and service accounts across cloud platforms, ensuring least-privilege access.
- Conduct vendor risk assessments, including security reviews and documentation tracking
- Oversee infrastructure vulnerability scanning and enforce patch management SLAs across cloud and hosted environments
- Lead and document quarterly access reviews across systems and cloud platforms
- Implement and manage compliance automation platforms such as Vanta, Drata, or Secureframe
- Automate evidence collection, access reviews, and compliance reporting processes
- Build and maintain compliance dashboards to provide leadership visibility into control health and audit readiness
- Measure and report efficiency gains achieved through compliance and security automation
- Operate and maintain security controls for Microsoft Entra ID, AWS and Google Cloud Platform environments
- Manage identity, access, and privilege controls across cloud and enterprise systems, including GCP IAM roles, policies and service accounts
- Ensure secure configuration, hardening, and access reviews are performed regularly
- Manage Entra ID, AWS and GCP security logging, monitoring, and alerting
- Investigate and respond to security alerts and incidents
- Perform root cause analysis and implement corrective actions
- Investigate and remediate access-related incidents, including misconfigured roles or unauthorized permissions.
- Leverage AI-powered security tools for threat detection, anomaly identification, and alert triage
- Implement and maintain security controls within development and automated build and deployment processes
- Partner with Development on vulnerability management, code scanning, and application security
- Apply security controls and governance for AI systems, including data access, model usage, and risk management
- Monitor application usage and spend across agency-hosted environments for internal and client-facing applications
- Define acceptable usage thresholds and budget bands for applications and environments
- Implement alerts, automation, and reporting for usage or cost variances
- Investigate, resolve, and document usage and budget variances
- Own application budgets related to hosted environments and route issues or overages to appropriate stakeholders
- Support onboarding of new agencies and clients by evaluating applications, technologies, and usage requirements
- Assess security, compliance, and SOC 2 Type II impact to existing environments
- Estimate infrastructure usage and cost impact and align onboarding to established usage and budget bands
- Support client data ingestion, migration, and validation, ensuring security and data integrity
- Manage client offboarding activities, including sunsetting services and archiving or securely deleting data
- Partner with Development and the compliance-focused IT team to ensure onboarding and offboarding meet security, compliance, and operational standards
- Support account manager’s escalations related to security, access, or consent requirements.
- Serve as a hands-on security manager and subject matter expert
- Collaborate closely with Development and the compliance-focused IT team on security and audit activities
- Provide clear documentation and practical guidance to internal stakeholders
- Serve as the primary point of contact for access requests and permission-related troubleshooting.
Requirements
- 6 to 10 years of experience in information security, systems security, or cloud security
- 2 or more years in a manager-level or senior individual contributor security role
- Demonstrated experience operating SOC 2 Type II programs
- Strong hands-on expertise in Microsoft Entra ID, AWS & GCP security
- Experience with cloud security monitoring and incident response
- Practical experience with development security and secure software lifecycle practices
- Experience securing AI systems, data, or machine-learning-enabled applications
- Experience with GRC and compliance automation platforms (Vanta, Drata, Secureframe or similar)
- Scripting or infrastructure-as-code skills such as Python, PowerShell, or Terraform
- Demonstrated track record of reducing manual compliance workload through automation
- Familiarity with AI-powered security and threat detection tools
- Certifications
- Microsoft security certifications required or strongly preferred, including:
- Microsoft Certified: Security, Compliance, and Identity Fundamentals
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Security Operations Analyst Associate
- Preferred Skills
- Experience coordinating and managing penetration tests and remediation efforts
- Familiarity with identity-based security models that emphasize least-privilege access and continuous verification
- Experience monitoring and investigating security events across cloud platforms and enterprise systems
- Hands-on use of built-in security and logging tools provided by cloud platforms such as AWS, GCP and Microsoft
- Strong documentation skills supporting audits, investigations, and operational security processes
Benefits
- Flexible, hybrid work arrangements.
- Annual company shutdown during the holiday season.
- Frequent studio-wide social events.
- Budget and time allotted for professional development.
- Commitment to wellbeing and work life balance.
- Competitive health and dental benefits package.
- Group RRSP Matching program
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Tech skills
Location requirements
Report this job
Found something wrong with the page? Please let us know by submitting a report below.
Financial Security Advisor at RBC Insurance connecting clients with comprehensive insurance solutions. Building client relationships and leveraging RBC’s brand to grow the market.
Senior IAM Systems Support Analyst responsible for deploying and improving IAM services at RBC. Supporting MFA systems and ensuring platform reliability while collaborating with various teams.
Senior Manager overseeing IAM initiatives and strategic roadmap execution at RBC. Partnering with stakeholders to enhance organizational capabilities in Identity and Access Management.
Senior Security Consultant specializing in penetration testing at TEHORA. Defining security strategies and conducting risk analyses and audits.
Senior Internal Controller in information security defining security strategies and conducting risk analysis. Participating in audits and controls for a multidisciplinary firm in Canada.
Product Manager responsible for managing Microsoft Security Services portfolio at Softchoice. Engaging with customers, Microsoft and stakeholders to drive market success and growth.
LP
Network Security Engineer
LinkedIn Recruiter Post
Network Security Engineer managing operations, implementing security architecture, and providing L3 support. Expertise in Checkpoint, Zscaler, Cloudflare, Aruba Clearpass, and email security required.
Program Manager leading AI and data security initiatives at Canadian Tire Corporation. Maintaining compliance and aligning security strategies with business objectives.
Senior Information Security Governance Advisor at TEHORA defining security strategies and conducting risk analyses. Participating in audits and controls while supporting organizational and technological changes.