Enterprise Security Specialist

Location: Stouffville, ON • Department: R&D • Reports to: Chief Technology Officer (CTO) • Salary: $120,000 - $135,000 • Openings: 1

Responsibilities

Lead the development, implementation, and continuous improvement of the enterprise information security program.
Develop and maintain security policies, standards, procedures, and controls aligned with business objectives.
Establish security metrics and reporting to support executive visibility and informed decision-making.
Act as a trusted security advisor to the CTO and senior leadership.
Lead enterprise risk assessments, security reviews, and control evaluations.
Align security practices with recognized frameworks such as ISO27001, NIST, and other relevant standards.
Support compliance with Canadian regulatory and privacy requirements, including PIPEDA, OSFI guidance, and applicable provincial legislation.
Lead and support security audits and certifications (SOC2, PCIDSS, ISO27001, and customer security reviews).
Serve as primary point of contact for auditors, regulators, and enterprise clients.
Coordinate audit readiness activities, including evidence collection, policy updates, control testing, and remediation tracking.
Translate audit findings into practical, risk‑based improvements.
Lead third‑party security risk assessments and vendor security reviews.
Support security questionnaires, contract reviews, and customer due‑diligence requests.
Promote a security‑conscious culture through collaboration, education, and practical guidance.
Support security awareness initiatives and training across the organization.
Provide regular reporting on security posture, risks, audit readiness, and remediation progress.
Escalate significant security risks and incidents appropriately and support incident response activities.

Qualifications

5–7+ years of experience in information security, cybersecurity, or technology risk.
Experience leading security programs or initiatives in fintech, financial services, SaaS, or other regulated environments.
Hands‑on experience supporting SOC2, PCIDSS, ISO27001, or similar audits and certifications.
Strong understanding of enterprise security controls, risk management, and governance.
Familiarity with cloud environments (AWS, Azure, or GCP).
Ability to communicate security concepts clearly to technical and non‑technical audiences.
Knowledge of Canadian regulatory and privacy requirements.
Deep understanding of SDLC, DevSecOps, CI/CD pipelines, cloud technologies, and regulatory frameworks.
Bonus: Exposure to DevSecOps or secure SDLC practices.
Bonus: Experience with vulnerability management or application security tooling.
Bonus: Experience supporting client security assessments or enterprise customer due‑diligence.
Bonus: Security certifications such as CISSP, CISM, or ISO27001 Lead Implementer/Auditor.

Benefits

Hybrid, remote, or in‑office flexible working arrangements.
Comprehensive benefits package from day one: health coverage, paid time off, and volunteer days.
Competitive salary, annual bonus program, and participation in an employee stock option plan.
Continuous learning opportunities, a robust learning management system, and a tuition reimbursement program.
Tools and technology provided (laptop, headset, monitors) to set you up for success.
A supportive environment that values growth, success, and contributions to customers.

Equal Opportunity Employer

Portfolio+ Inc. is an equal‑opportunity employer. We recruit, hire, train, promote and provide all other privileges of employment to qualified individuals without regard to age, race, color, creed, national origin, gender, gender identity, gender expression, sexual orientation, disability, marital status, veteran status, citizenship status, ethnicity, familial status, or religion.

We provide accommodations for applicants with disabilities in accordance with the Accessibility for Ontarians with Disabilities Act, 2005.
CPRVISION
Published 7 days ago