Security & Compliance Partner

About The Position

Requirements

• 3–5 years of experience in IT, cybersecurity, or a technical support role with significant exposure to security or incident response.
• Foundational understanding of security concepts (access controls, MFA, encryption, etc.) and incident response principles (detection, triage, containment, recovery).
• Familiarity with security monitoring tools such as SIEM, EDR, or log management platforms.
• Experience working in cloud-based environments and supporting remote workforces.
• Ability to act as a first responder and escalate appropriately, with comfort in making judgment calls in a startup environment.
• Strong attention to detail, urgency, and a genuine willingness to adapt and learn.
• Clear communication and documentation skills.
• Organizational discipline to manage multiple workstreams.

Nice To Haves

• Exposure to healthcare, privacy, or other regulated environments (HIPAA, PIPEDA).
• Familiarity with enterprise security tooling (MDM, EDR, IAM, etc.).
• Security, risk, or cloud certifications.
• Experience supporting an organization through significant growth or geographic expansion.

Responsibilities

• Owning security monitoring and incident detection across cloud infrastructure and SaaS tooling, including AI-powered tools.
• Leading incident response efforts, from initial containment and documentation to follow-up and lessons learned.
• Collaborating with Product, Design, and Engineering to identify security gaps, conduct vulnerability and risk assessments, and support compliance initiatives like penetration testing.
• Working with Marketing to ensure data collection, consent practices, and ad-tech responsibilities meet internal standards and regulatory obligations.
• Implementing and improving preventative security controls such as MFA, access management, logging, and endpoint protection across cloud infrastructure and third-party tools.
• Ensuring security defences keep pace with organizational growth across Canada and the US.
• Supporting audit and compliance activities (HIPAA, PIPEDA) in partnership with IT and Legal.
• Leading vendor and third-party security reviews.
• Developing and maintaining security policies, playbooks, and documentation.
• Leading security awareness initiatives focused on phishing, account compromise, and common attack vectors.

Benefits

• Stock options through our Equity Incentive Plan
• 20 vacation days
• Annual winter break closure
• Comprehensive medical, dental, and vision care from the first day of work (100% premium coverage, with coverage for dependents)
• 8 health/sick days
• Extended mental health coverage
• $20,000 of lifetime coverage for gender-affirming care and procedures (Canada)
• $500 learning fund for courses and professional development
• People Potential program for growth opportunities