Senior CorpSec Analyst
Job Summary
Clio is the global leader in legal AI technology empowering legal professionals and law firms of every size to work smarter faster and more securely.
We are transforming the legal experience for all by bettering the lives of legal professionals while increasing access to justice.
Summary:
About the Team
CorpSec is transitioning and growing at Clio into a focused mission-driven function within the organization. Security systems and practices are already in place this role will be responsible for adopting and unifying the systems communication and oversight of security systems from across IT Systems Application Security and Compliance. Build upon the existing trust within the organization define a unified approach configure formalize the program in accordance to Compliance requirements. This role is available to candidates across Canada excluding Quebec. If you are local to one of our hubs (Burnaby Calgary or Toronto) you will be expected to be in office minimum twice per week on one of our Anchor Days.
Your team will work closely with the IT Systems Application Security People Compliance and IT Services teams to ensure appropriate security coverage in detection response and establishing non-adversarial techniques.
About the Role
This role is established for the purpose of driving the cybersecurity definitions and posture across our fleet and systems leading investigations owning incident response end-to-end and improving the operational quality of how we detect and respond to threats. You will protect Clio from internal and external threats accidental and intentional.
As Senior CorpSec Analyst you are both a senior operator and a project lead. You own detection and response work end-to-end lead high-severity incidents and raise the quality and velocity of how the team operates. You stay hands-on with the tools that matter DLP EDR phishing SIEM SSO and you turn ambiguous patterns into runbooks automations and durable improvements.
The successful candidate is a force-multiplier. They recognize the importance of resolving incidents and closing tickets they are also the person within the team that makes the teams an processes around them better. You coach junior analysts lead high-severity investigations and partner with adjacent teams to close gaps that no single team owns. Familiarity and proficiency with AI tooling is expected; you will help define how we use it in detection and response responsibly. Where there may be a built up pain tolerance to inefficiencies or legacy processes you learn to understand them and propose updates or rewrites when the base objective is no longer being met.
What Youll Do
Build & Run Technical & Operational
The role has senior technical expectations including raising the operational bar of the team.
Lead investigations and incident response for medium- and high-severity security events phishing campaigns insider risk compromised accounts data-loss concerns owning the response from triage through resolution and post-incident review.
Own detection engineering across the corporate security stack tune DLP EDR phishing templates remediations and SSO/IdP signals; build correlation rules; reduce false-positive rates without sacrificing coverage.
Drive root-cause analysis after incidents and near-misses then translate findings into durable runbook control and tooling changes.
Build and maintain automations and integrations that move work left auto-remediation playbooks signal enrichment evidence collection pipelines.
Define document and evolve internal incident response playbooks for insider threat compromised device and data-loss scenarios.
Partner with the Manager CorpSec on tooling decisions evaluate configure and operate platforms across EDR DLP phishing SIEM and SOAR.
Tune and evolve security tooling for AI detection address risks of unauthorized data movement agentic workflows and the lethal trifecta.
Drive correlation and visibility capability across Clios security stack so detection and investigation stay timely as the company continues to grow.
Lead & Improve Team & Cross-Functional
Act as incident commander on high-severity events coordinate response across respective teams as needed; communicate clearly to stakeholders during and after.
Raise the operational bar of the team coach junior analysts review their investigations share patterns and gotchas and write documentation scripts and/or automations for others to learn from.
Identify operational health problems before they become incidents propose prioritize and execute the work to close gaps.
Drive cross-team initiatives that no single team owns DLP policy refinement MDM coverage audit log centralization AI tooling guardrails.
Support security compliance requirements for SOC 2 ISO 27001 GovRAMP and PCI-DSS own and design technical evidence pipelines not just one-off collection.
Maintain Clion trust by communicating transparently and proportionately we design to protect not to surveil.
What You Bring
58 years of hands-on experience in security operations detection engineering or incident response.
Deep hands-on experience with at least three of: EDR DLP Phishing platforms SIEM or Google Workspace security controls youve configured tuned and operated them in production.
Demonstrated experience leading security incidents end-to-end youve been the incident commander not just a contributor.
Track record of root-cause investigation you fix the problem not the symptom and translate the fix into a durable control or automation.
Strong written communication your runbooks post-incident reviews and decisions are easy to follow for engineers outside CorpSec.
Demonstrated ability to coach or mentor more junior analysts you raise the bar of those around you not just your own.
Comfort with ambiguity you can take an open-ended problem (our DLP signal-to-noise is bad) and produce a concrete prioritized plan.
A healthy curiosity to look for the why and fix the problem rather than the symptom.
Experience using observing and securing AI systems platforms and agents.
Growth mindset when it comes to process improvement and new technologies especially AI.
Preferred
Experience designing or operating SIEM or detection-as-code pipelines.
Experience contributing to security compliance programs including SOC 2 ISO 27001 GovRAMP or FedRAMP.
Scripting fluency (Python Bash PowerShell) for automating investigation evidence collection and remediation.
Industry certifications such as CISSP CISM GCIH GCIA or CompTIA Security.
Comfortable jumping onto due-diligence calls if Compliance requires assistance with customer Risk Interviews.
What Makes You a Great Fit
Youre a force multiplier when youre on a project the whole team gets better.
You lead with calm under pressure when an incident lands people feel the response tighten not panic.
You document decisions for the engineer who comes after you your runbooks outlive the on-call rotation that wrote them.
Youre principled about the visibility-trust tension you treat security communication as a trust-building exercise.
Youre energized by improving systems not just operating them you leave every tool runbook and process measurably better than you found it.
#LI-Remote
This is a new role.What you will find here:
Compensation is one of the main components of Clios Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.
Some highlights of our Total Rewards program include:
Competitive equitable salary with top-tier health benefits dental and vision insurance
Hybrid work environment with expectation for local Clions (Vancouver Calgary Toronto Dublin London New York City and Sydney) to be in office min. twice per week.
Flexible time off policy with an encouraged 20 days off per year.
$2000 annual counseling benefit
RRSP matching and RESP contribution
Clioversary recognition program with special acknowledgement at 3 5 7 and 10 years
*Our salary bands are designed to reflect the range of skills and experience needed for the position and to allow room for growth at Clio. For experienced individuals we typically hire at or around the midpoint of the band. The top portion of the salary band is reserved for employees who demonstrate sustained high performance and impact at Clio. Those who are new to the role may join below the midpoint and develop their skills over time. The final offer amount for this role will be dependent on geographical region applicable experience and skillset of the candidate.
Diversity Inclusion Belonging and Equity (DIBE) & Accessibility
Our team shows up as their authentic selves and are united by our mission. We are dedicated todiversity equity and inclusion. We pride ourselves in building and fostering an environment where our teams feel included valued and enabled to do the best work of their careers wherever they choose to log in from. We believe that different perspectives skills backgrounds and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.
Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation please let us know and we will work with you to meet your needs.
Disclaimer: We only communicate with candidates through official @ email addresses.
Required Experience:
Senior IC
About Company
Run your law firm with Clio, the #1 choice of legal professionals for managing clients, cases, billing, and more. Try it for free today—no credit card required.