Security Engineer

• Serve as the primary point of contact for developers, partners, and third-party vendors integrating with Canto’s platform
• Lead implementation of security controls across infrastructure and applications, including access control, change management, and incident response
• Lead business continuity and disaster recovery exercises across all products
• Review feature changes across key product modules to ensure safe and reliable user experiences
• Lead full-cycle cyber and privacy assessments including Threat Risk Assessments (TRA), Cybersecurity Risk Assessments, Privacy Impact Assessments (PIA), and GRC evaluations
• Develop tailored remediation plans to address risks and vulnerabilities leveraging public-sector aligned frameworks and privacy standards
• Improve security risk management program by documenting gaps within product areas and reducing risk
• Design and maintain privacy-by-design frameworks ensuring compliance with GDPR, CCPA, HIPAA, and emerging AI-related regulations
• Oversee data lifecycle management including collection, retention, deletion, and cross-border transfers
• Conduct gap analyses and maintain a privacy risk register integrated with security assessments
• Develop and maintain documentation for policies, procedures, and audit readiness (SOC 2, ISO 27001, ISO 27018)
• Partner with legal and compliance teams to translate regulatory obligations into actionable engineering tasks
• Lead vendor risk assessments and third-party compliance reviews
• Evaluate AI systems for privacy and security risks including model testing cadence, data mapping, and monitoring gaps

Security and Privacy Analyst

Senior Associate – Cloud Security, Cyber Security, Technology Consulting

Senior Manager, Cybersecurity Threat & Vulnerability Management

Senior Associate - AI Security, Cyber Consulting, Advisory

Senior Manager – Cyber Security, Consulting, Advisory

Cloud Security Engineer