Mod Op

Systems and Data Security Manager

full-time

Location Type: Hybrid

Location: Toronto, Canada

About the role

  • Manage day-to-day operation of an established SOC 2 Type II control environment
  • Own continuous evidence collection, documentation, and audit readiness
  • Coordinate third-party assessments, including penetration testing, and track remediation through completion
  • Maintain security policies, procedures, and control documentation as systems change
  • Work directly with auditors, Development, and the compliance-focused IT team to support audits and close findings
  • Create, assign, audit, and revoke IAM roles and service accounts across cloud platforms, ensuring least-privilege access.
  • Conduct vendor risk assessments, including security reviews and documentation tracking
  • Oversee infrastructure vulnerability scanning and enforce patch management SLAs across cloud and hosted environments
  • Lead and document quarterly access reviews across systems and cloud platforms
  • Implement and manage compliance automation platforms such as Vanta, Drata, or Secureframe
  • Automate evidence collection, access reviews, and compliance reporting processes
  • Build and maintain compliance dashboards to provide leadership visibility into control health and audit readiness
  • Measure and report efficiency gains achieved through compliance and security automation
  • Operate and maintain security controls for Microsoft Entra ID, AWS and Google Cloud Platform environments
  • Manage identity, access, and privilege controls across cloud and enterprise systems, including GCP IAM roles, policies and service accounts
  • Ensure secure configuration, hardening, and access reviews are performed regularly
  • Manage Entra ID, AWS and GCP security logging, monitoring, and alerting
  • Investigate and respond to security alerts and incidents
  • Perform root cause analysis and implement corrective actions
  • Investigate and remediate access-related incidents, including misconfigured roles or unauthorized permissions.
  • Leverage AI-powered security tools for threat detection, anomaly identification, and alert triage
  • Implement and maintain security controls within development and automated build and deployment processes
  • Partner with Development on vulnerability management, code scanning, and application security
  • Apply security controls and governance for AI systems, including data access, model usage, and risk management
  • Monitor application usage and spend across agency-hosted environments for internal and client-facing applications
  • Define acceptable usage thresholds and budget bands for applications and environments
  • Implement alerts, automation, and reporting for usage or cost variances
  • Investigate, resolve, and document usage and budget variances
  • Own application budgets related to hosted environments and route issues or overages to appropriate stakeholders
  • Support onboarding of new agencies and clients by evaluating applications, technologies, and usage requirements
  • Assess security, compliance, and SOC 2 Type II impact to existing environments
  • Estimate infrastructure usage and cost impact and align onboarding to established usage and budget bands
  • Support client data ingestion, migration, and validation, ensuring security and data integrity
  • Manage client offboarding activities, including sunsetting services and archiving or securely deleting data
  • Partner with Development and the compliance-focused IT team to ensure onboarding and offboarding meet security, compliance, and operational standards
  • Support account manager’s escalations related to security, access, or consent requirements.
  • Serve as a hands-on security manager and subject matter expert
  • Collaborate closely with Development and the compliance-focused IT team on security and audit activities
  • Provide clear documentation and practical guidance to internal stakeholders
  • Serve as the primary point of contact for access requests and permission-related troubleshooting.

Requirements

  • 6 to 10 years of experience in information security, systems security, or cloud security
  • 2 or more years in a manager-level or senior individual contributor security role
  • Demonstrated experience operating SOC 2 Type II programs
  • Strong hands-on expertise in Microsoft Entra ID, AWS & GCP security
  • Experience with cloud security monitoring and incident response
  • Practical experience with development security and secure software lifecycle practices
  • Experience securing AI systems, data, or machine-learning-enabled applications
  • Experience with GRC and compliance automation platforms (Vanta, Drata, Secureframe or similar)
  • Scripting or infrastructure-as-code skills such as Python, PowerShell, or Terraform
  • Demonstrated track record of reducing manual compliance workload through automation
  • Familiarity with AI-powered security and threat detection tools

Certifications

  • Microsoft security certifications required or strongly preferred, including:
      • Microsoft Certified: Security, Compliance, and Identity Fundamentals
      • Microsoft Certified: Identity and Access Administrator Associate
      • Microsoft Certified: Security Operations Analyst Associate

Preferred Skills

  • Experience coordinating and managing penetration tests and remediation efforts
  • Familiarity with identity-based security models that emphasize least-privilege access and continuous verification
  • Experience monitoring and investigating security events across cloud platforms and enterprise systems
  • Hands-on use of built-in security and logging tools provided by cloud platforms such as AWS, GCP and Microsoft
  • Strong documentation skills supporting audits, investigations, and operational security processes

Benefits

  • Flexible, hybrid work arrangements.
  • Annual company shutdown during the holiday season.
  • Frequent studio-wide social events.
  • Budget and time allotted for professional development.
  • Commitment to wellbeing and work life balance.
  • Competitive health and dental benefits package.
  • Group RRSP Matching program