Position Overview
Job Title: Senior Information Security Officer (SISO)
Location: Toronto, ON (Remote)
Employment Type: Permanent Full‑Time
Salary: $101,360 – $121,360
Language: English required; French is an asset

Key Responsibilities
Security Governance: develop, maintain, and socialize security policies, standards, procedures, and architecture guardrails aligned to business objectives.
Risk Management: lead and/or support security risk assessments, control reviews, threat modeling, risk treatment plans, and executive‑ready reporting.
Security Operations: design and continuously improve security monitoring, alerting, and response processes across Microsoft Azure cloud and on‑prem infrastructure (VMware ESX/NSX), as well as endpoint, identity, network, and SaaS environments.
Detection Engineering: build and tune SIEM detections and analytics (queries, correlation rules, use cases), reduce false positives, and measure detection coverage (e.g., mapped to MITRE ATT&CK).
Threat Hunting: conduct proactive hunts using logs/telemetry, develop hypotheses, document findings, and translate learnings into new detections and control improvements.
Incident Handling: triage and investigate security alerts; lead incident response from containment through eradication and recovery; run post‑incident reviews and drive corrective actions.
SIEM & Automation: operate and optimize SIEM/SOAR integrations, log onboarding, parsing/normalization, playbooks, and automations to improve MTTR and analyst efficiency.
Vulnerability Management: manage scanning and remediation workflows, prioritize findings based on risk, track SLAs, and validate fixes.
Security Assessments & Testing: perform technical security assessments, configuration reviews, and support or execute penetration testing; coordinate remediation with owners.
Application Security: partner with developers or vendors on secure SDLC practices and standards (OWASP ASVS and OWASP Top 10), including code review support, dependency scanning, secrets management, CI/CD security, and developer enablement.
Third‑Party & SaaS Security: assess vendors and integrations, review security controls, and monitor ongoing risk.
Security Awareness: contribute to security training, guidance, and internal communications to strengthen the security culture.
Documentation & Metrics: maintain runbooks and playbooks; define KPIs/KRIs (e.g., coverage, response times, patch SLAs) and report progress.

Qualifications & Experience
Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
5+ years of progressive experience across multiple information security domains (governance/risk and hands‑on security operations).
Hands‑on experience with SIEM platforms (Microsoft Sentinel) including log onboarding, detection development, tuning, and dashboarding.
Demonstrated detection engineering and investigation skills: KQL proficiency, alert triage, and evidence‑based incident response.
Experience performing threat hunting and translating hunts into detection use cases and playbooks.
Incident response experience including scoping, containment, eradication, recovery, and post‑incident retrospectives.
Strong understanding of core security controls across identity (SSO/MFA), endpoint security, networking, logging/telemetry, and hybrid security concepts spanning Microsoft Azure and on‑prem infrastructure (VMware ESX/NSX), including Entra ID/Azure AD, Azure networking, key management, cloud posture management, and segmentation/micro‑segmentation.
Vulnerability management experience: scanning (infrastructure and apps), prioritization, remediation tracking, and verification.
Experience with security assessments and/or penetration testing methodologies and reporting.
Application security experience: secure SDLC, OWASP Top 10, API security, dependency and secrets scanning, and partnering with developers.
Automation/scripting ability (e.g., Python, PowerShell, Bash) and experience integrating security tools via APIs/webhooks; SOAR/playbook experience preferred.
Knowledge of security frameworks and standards (e.g., NIST CSF / 800‑53, ISO 27001, CIS Controls) and practical risk management.
Relevant certifications are an asset (e.g., CISSP, CISM, GIAC, GCIH, GCIA, GCED, OSCP, AZ‑500, SC‑200/SC‑100).
Excellent written and verbal communication skills; able to explain risk and technical findings to both technical and non‑technical audiences.

Benefits
35‑hour work week schedule (possible flexible work options, e.g., 4‑day work week).
Twelve paid sick days annually (including five personal days).
Access to SOCAN fitness facility.
Annual Performance Incentive bonus (dependent on personal and company performance).
Defined contribution Pension Plan.
Comprehensive health and dental benefits program.
Inclusive and collaborative working environment.

Commitment to Diversity, Equity, Inclusion, and Anti‑Racism
SOCAN thrives with a variety of viewpoints, identities, and backgrounds, and we are committed to anti‑racism. Everyone is welcome to apply for our wide range of roles, regardless of gender identity, gender expression, ethnicity, race, age, culture, sexual orientation, religious belief, or physical ability. SOCAN remains dedicated to creating a more equitable, inclusive, and diverse workplace.

Accessibility & Accommodation
SOCAN is committed to providing an inclusive workplace environment that meets the accessibility needs of employees with disabilities.

Equal Employment Opportunity
SOCAN is an Equal Opportunity Employer.
Hiring and other employment decisions at SOCAN are made without regard to race, colour, religion, sex, ancestry, national origin, ethnic origin, age, disability, citizenship, veteran status, sexual orientation, record of offences, marital status, family status, or any other characteristic protected by federal, provincial, or local law, regulation, or ordinance. We encourage applicants of all backgrounds to apply.

Senior Information Security Officer
SOCAN
Toronto, Toronto
Published 27 days ago