Security Engineer (Remote First)

The IT team supports Zensurance and its team members with a full life-cycle of technology support (from on-boarding - to offboarding). The team also supports and works closely with every team across Zensurance in providing technical support, implementation of technologies, and guidance for programs and initiatives related to their department.

Reporting to the Associate Director, IT, you will be responsible for supporting our company-wide information security management program to ensure that information assets are adequately protected.

You will proactively work with Zensurance business units to implement practices that meet defined policies and standards for information security. The role also assists in a variety of IT-related risk management activities and includes the day-to-day support of various information security programs and initiatives.

As an individual contributor, you will collaborate closely with the Associate Director to coach and mentor colleagues across the organization. You'll play a key role in supporting the Technology Leadership Team with employee training and development initiatives, aiming to continuously improve the team's technical capabilities and delivery excellence.

Responsibilities

• Program support: Facilitate information security governance, policies, and standards.
• Lead awareness training and collaborate on risk assessment.
• Provide regular reporting and support security incidents.
• Security Liaison: Assist resource owners and IT staff with audit failures.
• Liaise between security and enterprise architectures.
• Manage security issues, incidents, and reporting metrics.
• IT/Engineering Support: Implement technical configurations and automate security workflows.
• Maintain application security mapping and consult on software selection.
• Consult on security integration in application evaluation and installation.
• Operational Support: Coordinate security management and vendor compliance.
• Manage incident response and maintain a security knowledge base.
• Oversee security testing procedures and remediation efforts.
• Perform other duties as assigned.

Requirements

• University degree or college diploma in a recognized technical, vocational or academic program (preferably in InfoSec or Cyber Security) or equivalent work experience.
• 3+ years working in Information Security, preferably in an agile and fast paced environment.
• Demonstrated proficiency in interpreting stakeholder expectations and translating them into comprehensive technical plans and requirements, followed by successful implementation of said plans in a technical capacity.
• Experience with identity management software and capabilities such as single sign on (SSO), just in time (JIT) provisioning, and system for cross domain identity (SCIM) in tools such as JumpCloud, Okta, Auth0, PingIdentity, etc.
• Experience with configuring and maintaining endpoint and email security platforms such as Crowdstrike, Mimecast, etc.
• Experience configuring and maintaining network security solutions such as Netskope, ZScaler, etc.
• Experience facilitating implementation and execution of policies and processes across an organization.
• Experience writing and adapting cyber security policies, auditing and performing security gap analyses.
• Experience with common information security management frameworks and compliance standards, such as the CIS Controls v8, NIST, ISO 27001, SOC 2, PIPEDA, PCI.
• Experience working with legal, audit and compliance staff.
• Experience in working with, documenting, and implementing Cloud security controls for AWS or similar Cloud providers.
• Proficiency with Google Workplace, Zoom, Slack and Microsoft Office (Excel and Word).

Nice to have

• Proficiency with Application Programming Interfaces (APIs), including utilizing various API functionalities to enhance security posture in various systems is considered an asset.
• Security certifications such as CISSP, CISA, CISM, GIAC, CBCP, MBCI, or similar are preferred.
• Experience with automation workflow tools such as Zapier is considered an asset.