Internal Security Lead

Cybera
Calgary, AB
Hybrid

About The Position

The Internal Security Lead works closely with Cybera's Security team to define, implement, and maintain our internal security program. In this role, you will take direct responsibility for governance, risk management, compliance, identity and access management, internal incident response, security standards, and security awareness initiatives. Reporting to the Director of Cybersecurity Operations, you will serve as Cybera's primary internal security subject matter expert. You will work collaboratively across all departments to ensure our security controls align with business objectives, operational requirements, and organizational risk tolerance. Ultimately, you will play a key role in strengthening Cybera's security posture, ensuring the organization actively demonstrates credible and effective security practices to its members, partners, and stakeholders.

Requirements

  • Post-secondary education with training in cybersecurity, information security, computer science, information technology, or a related field.
  • Minimum five (5) years of experience in cybersecurity, including experience in governance, risk management, compliance, incident response, security operations, or security architecture.
  • Strong knowledge of IT governance, risk management, and controls testing.
  • Hands-on experience coordinating or leading incident responses.
  • Critical thinking and problem-solving skills.
  • Excellent documentation, communication, and organization skills.
  • Ability to prepare and present reports and dashboards for diverse audiences.

Nice To Haves

  • Familiarity with Mac computers and G Suite (Docs, Sheets, Slides, etc.) is an asset.
  • Experience facilitating tabletop exercises, risk workshops, or security assessments is considered an asset.
  • Experience working in a non-profit or not-for-profit environment is an asset.
  • CISSP, CISM, CRISC, Security+, GSEC, or an equivalent certification is considered an asset.

Responsibilities

  • Develop and maintain security policies, standards, procedures, and control frameworks.
  • Establish and maintain Cybera's organizational risk register and associated risk treatment plans.
  • Develop, present, and maintain risk dashboards, metrics, heatmaps, and executive posture reporting to support informed decision-making.
  • Align internal security practices with recognized frameworks such as NIST Cybersecurity Framework (CSF), CIS Controls, and ISO 27001.
  • Coordinate and support audits, assessments, due diligence reviews, Privacy Impact Assessments (PIAs), HECVATs, and other security assurance activities.
  • Coordinate periodic security control validation and testing activities to ensure controls remain effective.
  • Conduct vendor and third-party security assessments and reviews.
  • Chair or coordinate Cybera's internal security governance activities, including periodic risk reviews.
  • Serve as a trusted advisor to leadership and operational teams, balancing security requirements with business and operational objectives.
  • Lead internal security incident response activities and coordinate cross-functional response efforts.
  • Develop and maintain incident response procedures, playbooks, and escalation processes.
  • Lead tabletop exercises, incident simulations, and post-incident reviews to improve organizational preparedness.
  • Maintain visibility into Cybera's internal and cloud-based assets and oversee attack surface management practices.
  • Coordinate vulnerability management activities and remediation tracking.
  • Establish vulnerability remediation priorities, monitor patch compliance, and manage exception processes.
  • Work closely with the rSOC to ensure appropriate visibility, monitoring, and detection coverage across Cybera's internal environment.
  • Define and maintain joiner, mover, and leaver processes.
  • Establish and enforce access control standards based on least privilege and role-based access principles.
  • Oversee privileged access management practices.
  • Ensure strong authentication controls, including multi-factor authentication (MFA) and conditional access, are implemented and maintained.
  • Conduct periodic access reviews and privilege audits.
  • Define baseline security standards for endpoints, cloud environments, infrastructure, and core business systems.
  • Review projects, architectures, and technology implementations to ensure alignment with security requirements.
  • Partner with the Technical Operations team to implement and maintain security controls.
  • Define logging, monitoring, and telemetry requirements for internal systems.
  • Provide security guidance and recommendations for new technologies, services, and business initiatives.
  • Communicate security risks, priorities, and recommendations to leadership in a clear and actionable manner.
  • Develop and maintain an organizational security awareness and education program.
  • Provide guidance and training to staff on security best practices and emerging risks.
  • Promote a culture of security awareness and shared responsibility across the organization.

Benefits

  • Health & Vision benefits from day 1
  • Long- and short-term disability benefits from day 1
  • Flexible Health Spending Account (after successful probation)
  • Annual professional development funds
  • Regular Lunch & Learns covering topics from department updates to EDI
  • RRSP program (after successful probation)
  • Healthy snacks in the office – and sometimes unhealthy snacks
  • 10 days per year to use for sick time or mental health breaks
  • The opportunity to invest in yourself and your career