Systems and Data Security Manager at Mod Op overseeing IT security operations and compliance. Managing SOC 2 Type II compliance and cloud security across systems and environments.
Responsibilities
Manage day-to-day operation of an established SOC 2 Type II control environment
Own continuous evidence collection, documentation, and audit readiness
Coordinate third-party assessments, including penetration testing, and track remediation through completion
Maintain security policies, procedures, and control documentation as systems change
Work directly with auditors, Development, and the compliance-focused IT team to support audits and close findings
Create, assign, audit, and revoke IAM roles and service accounts across cloud platforms, ensuring least-privilege access
Conduct vendor risk assessments, including security reviews and documentation tracking
Oversee infrastructure vulnerability scanning and enforce patch management SLAs across cloud and hosted environments
Lead and document quarterly access reviews across systems and cloud platforms
Implement and manage compliance automation platforms such as Vanta, Drata, or Secureframe
Automate evidence collection, access reviews, and compliance reporting processes
Build and maintain compliance dashboards to provide leadership visibility into control health and audit readiness
Measure and report efficiency gains achieved through compliance and security automation
Operate and maintain security controls for Microsoft Entra ID, AWS and Google Cloud Platform environments
Manage identity, access, and privilege controls across cloud and enterprise systems, including GCP IAM roles, policies and service accounts
Ensure secure configuration, hardening, and access reviews are performed regularly
Manage Entra ID, AWS and GCP security logging, monitoring, and alerting
Investigate and respond to security alerts and incidents
Perform root cause analysis and implement corrective actions
Investigate and remediate access-related incidents, including misconfigured roles or unauthorized permissions
Leverage AI-powered security tools for threat detection, anomaly identification, and alert triage
Implement and maintain security controls within development and automated build and deployment processes
Partner with Development on vulnerability management, code scanning, and application security
Apply security controls and governance for AI systems, including data access, model usage, and risk management
Monitor application usage and spend across agency-hosted environments for internal and client-facing applications
Define acceptable usage thresholds and budget bands for applications and environments
Implement alerts, automation, and reporting for usage or cost variances
Investigate, resolve, and document usage and budget variances
Own application budgets related to hosted environments and route issues or overages to appropriate stakeholders
Support onboarding of new agencies and clients by evaluating applications, technologies, and usage requirements
Assess security, compliance, and SOC 2 Type II impact to existing environments
Estimate infrastructure usage and cost impact and align onboarding to established usage and budget bands
Support client data ingestion, migration, and validation, ensuring security and data integrity
Manage client offboarding activities, including sunsetting services and archiving or securely deleting data
Partner with Development and the compliance-focused IT team to ensure onboarding and offboarding meet security, compliance, and operational standards
Support account managers’ escalations related to security, access, or consent requirements
Serve as a hands-on security manager and subject matter expert
Collaborate closely with Development and the compliance-focused IT team on security and audit activities
Provide clear documentation and practical guidance to internal stakeholders
Serve as the primary point of contact for access requests and permission-related troubleshooting
Requirements
6 to 10 years of experience in information security, systems security, or cloud security
2 or more years in a manager-level or senior individual contributor security role
Demonstrated experience operating SOC 2 Type II programs
Strong hands-on expertise in Microsoft Entra ID, AWS & GCP security
Experience with cloud security monitoring and incident response
Practical experience with development security and secure software lifecycle practices
Experience securing AI systems, data, or machine-learning-enabled applications
Experience with GRC and compliance automation platforms (Vanta, Drata, Secureframe or similar)
Scripting or infrastructure-as-code skills such as Python, PowerShell, or Terraform
Demonstrated track record of reducing manual compliance workload through automation
Familiarity with AI-powered security and threat detection tools
Certifications
Microsoft security certifications required or strongly preferred, including:
Microsoft Certified: Security, Compliance, and Identity Fundamentals
Microsoft Certified: Identity and Access Administrator Associate
Microsoft Certified: Security Operations Analyst Associate
Preferred Skills
Experience coordinating and managing penetration tests and remediation efforts
Familiarity with identity-based security models that emphasize least-privilege access and continuous verification
Experience monitoring and investigating security events across cloud platforms and enterprise systems
Hands-on use of built-in security and logging tools provided by cloud platforms such as AWS, GCP and Microsoft
Strong documentation skills supporting audits, investigations, and operational security processes
Benefits
Flexible, hybrid work arrangements.
Annual company shutdown during the holiday season.
Frequent studio-wide social events.
Budget and time allotted for professional development.