About Canso Investment Counsel: Canso Investment Counsel Ltd. is a leading independent investment management firm providing portfolio management services to Canadian institutional clients. Founded in 1997, Canso is dedicated to delivering superior long‑term investment results through a disciplined and research‑driven approach. Our team of experienced investment professionals is committed to maintaining the highest standards of compliance and ethical conduct in all aspects of our operations. We have a happy, family‑friendly, and flexible work environment. We value honesty and integrity, and our clients come first. Position Summary: We are seeking a Cloud Security & Risk Engineer to act as a hands‑on individual contributor responsible for the design, implementation, and day‑to‑day operation of security controls across our cloud platforms, applications, and enterprise data environments. This role is security‑led by design . You will work closely with engineering, data, and IT teams to ensure that security is embedded throughout the software development lifecycle and cloud infrastructure, while aligning with the risk, compliance, and resilience expectations of an institutional financial services firm. This role aligns with all five functions of the NIST Cybersecurity Framework, contributing to risk identification, preventative control design, continuous detection, effective incident response, and ongoing security resilience improvement in a regulated financial services environment. You will not manage people, but you will own technical security outcomes , exercise independent judgment, and be expected to challenge designs, raise risks, and drive practical remediation. Cloud & Data Security Design, implement, and maintain cloud security controls across AWS and Azure environments Embed security controls into CI/CD pipelines, ensuring secure build, test, and deployment practices Review application and infrastructure code to identify security vulnerabilities and recommend remediation Implement and enforce secure configuration standards using infrastructure‑as‑code (Terraform) Manage encryption, key management, and secrets handling across cloud and data platforms Data & Platform Security Design and enforce security controls for enterprise data platforms, including Snowflake Ensure strong encryption practices for data at rest and in transit Partner with data and engineering teams to protect sensitive financial and client data across its lifecycle Monitoring, Detection & Response Operate and tune cloud‑native security and detection tools (e.g., Defender, Orca, Elastic) Investigate security alerts, assess impact, and support containment and remediation activities Contribute to incident response, root‑cause analysis, and post‑incident improvements Continuously improve detection coverage and signal quality Risk, Governance & Stakeholder Collaboration Partner with internal stakeholders and external security vendors to identify control gaps and risks Provide clear, actionable security input on key initiatives and projects Apply sound risk judgment to balance security controls with business requirements Communicate security findings and recommendations clearly to technical and non‑technical audiences Maintain and contribute to security policies, standards, and technical control documentation to ensure alignment with cloud architectures, regulatory expectations, and evolving threat models Qualifications & Experience Education Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience). Experience Minimum 7+ years in DevOps, security engineering, or related roles. Proven track record of leading security‑focused projects, such as MFA rollouts, VPN deployments, or policy implementations. Proven experience in a DevOps, cybersecurity, or related role, with a strong background in application security. Technical Expertise Deep knowledge of cloud security (AWS, Azure) and enterprise data platforms (Snowflake). Proficiency in Python. Experience with automation tools (Terraform) and container technologies (Docker). Strong programming skills for reviewing and addressing code vulnerabilities. Networking protocols and architecture. Solid understanding of network security. Vulnerability management and encryption techniques. Proficiency with SIEM, IDS/IP, firewalls, and endpoint security tools. Preferred Certifications Required or Strongly Preferred: CISSP (Certified Information Systems Security Professional) – required or actively pursued CCSP (Certified Cloud Security Professional) CISM (Certified Information Security Manager) Highly Valued for Financial Services CRISC (Certified in Risk and Information Systems Control) CISA (Certified Information Systems Auditor) CSA CCSK (Certificate of Cloud Security Knowledge) Cloud & Identity Security Microsoft SC-Series certifications (SC-100, SC-200, SC-300) AWS Certified Security – Specialty Microsoft certifications related to security and identity (e.g., MS-500) Key Competencies Independent Ownership: Drives security outcomes with minimal supervision Strong: Judgment: Assesses risk and prioritizes practical, effective controls Collaboration: Works effectively with engineering, data, and business teams Communication: Clearly explains security concepts and trade‑offs Adaptability: Handles evolving priorities in a regulated, fast‑moving environment Canso Investment Counsel is proud to be an Equal Opportunity and affirmative action employer. We are committed to providing accommodations for people with disabilities in all aspects of the recruitment and selection process. If you require accommodation or special assistance, please send an email with your request to Your information will be treated as confidential. #J-18808-Ljbffr