Information Security Engineer

Role Overview

• Own end-to-end SOC 2 Type 2 execution
• Design, refine, and validate security controls
• Prepare audit evidence and remediation plans
• Author and maintain security policies and standards
• Maintain the risk register and treatment plans
• Manage vendor risk workflows
• Implement Azure security guardrails
• Enforce IAM, RBAC, MFA and conditional access
• Maintain the risk register and treatment plans
• Secure CI/CD pipelines and secrets
• Implement centralized logging and alerting
• Maintain Incident Response playbooks and lead response efforts
• Perform root cause analysis
• Manage tabletop exercises using real-world examples for team training
• Automate compliance evidence collection
• Ensure controls are sustainable year over year

Requirements

• 3+ years in security and/or compliance engineering
• SOC 2 Type 2 hands-on experience
• Experience implementing international security and privacy compliance controls (e.g., GDPR, OSFI, and similar regulatory frameworks)
• Strong understanding of security architecture and risk management for data-centric organizations, including large-scale data storage, processing, access controls, and data lifecycle governance
• Azure cloud security experience
• Strong written and technical communication skills
• Proactive, collaborative team player who thrives in a fast paced, small company environment
• Experience with Drata is preferred

Tech Stack

• Azure
• Cloud

Benefits

• 100% company-paid health, vision, and dental insurance
• 401(k) with company match
• Robust PTO policy
• A collaborative and inclusive work culture
• Opportunities for professional growth and development
• The chance to make a significant impact on a growing company