Security Lead Canada Wide

Newton


Job Location:

Toronto - Canada

Monthly Salary: Not Disclosed
Posted on: 14 hours ago
Vacancies: 1 Vacancy

Department:

Engineering

Job Summary

Say hello to Newton! We're changing how Canadians trade crypto. Our goal? To make financial freedom something everyone can achieve. We give our customers the tools and knowledge they need to navigate the crypto world.

At Newton, you'll work with a remote team spread across Canada, but you'll never feel distant. Ready to be part of something meaningful? Join a team that's all about pushing boundaries and getting things done.

Some of our values:
Customer-first mindset - Commitment to integrity and transparency to our users!
A dynamic team fueled by collaboration, uniting our strengths to overcome any obstacles. Together we build success. We persevere, adapt and come back stronger, turning obstacles into opportunities.
We strive for continuous improvement, embrace creativity and encourage experimentation. We push the boundaries of what's possible and continuously explore new ideas, technologies and solutions.

Role Overview
We're hiring a Security Lead to own and drive our security function end-to-end, combining strategic direction with hands-on technical authority. You will review, challenge and strengthen our systems, act as the security authority within engineering, define guardrails and drive remediation when risks arise. Operating independently, you'll build the structure and standards needed as we scale. Your mission is to own the company-wide security strategy and architecture, ensure CIRO and SOC 2 alignment, and embed strong security practices across infrastructure, applications and internal systems while enabling engineering velocity.

Responsibilities will include:
1. Security Strategy & Risk Ownership
Define and maintain the company's security roadmap
Maintain and actively manage a living risk register
Translate regulatory requirements into practical engineering controls
Prioritize remediation based on business and regulatory risk
Act as the internal security authority within engineering

2. Security Architecture & Infrastructure Review
Review infrastructure designs from a security perspective
Challenge architectural decisions that introduce risk
Define security guardrails for cloud infrastructure
Improve and harden existing IAM
Strengthen centralized logging and monitoring
Improve secrets management practices
Review Pulumi-based infrastructure changes with a security lens
Define security requirements for new services and infrastructure components

3. Application Security Ownership
Own the company's application security posture
Define secure development standards
Introduce lightweight threat modeling practices
Oversee SAST/DAST and dependency scanning tooling
Ensure security is embedded throughout the SDLC
Partner with engineering teams to remediate vulnerabilities

4. Security Incident Response & Monitoring
Define and maintain the incident response framework
Establish clear escalation and communication processes
Ensure appropriate logging and monitoring coverage
Lead and coordinate security investigations when required
Track remediation actions following incidents
Continuously improve controls based on lessons learned

5. Penetration Testing & External Assessments
Own and coordinate external penetration tests
Scope engagements appropriately
Ensure remediation plans are defined and executed
Track findings to closure
Strengthen internal controls based on test results

6. Regulatory Alignment (CIRO, SOC 2)
Lead security readiness for CIRO requirements
Drive SOC 2 preparation and evidence collection
Maintain defensible documentation and policies
Ensure implemented controls withstand audit scrutiny
Partner with Engineering Directors to close compliance gaps

7. Third-Party & Vendor Risk Management
Define and manage third-party risk assessment processes
Evaluate the security posture of critical vendors
Assess the security impact of new tools before adoption
Define mitigation controls prior to integration
Maintain vendor risk documentation aligned with regulatory expectations

8. Endpoint & Internal Controls
Strengthen security controls on developer machines
Define secure onboarding and offboarding processes
Improve privileged access controls
Ensure internal security practices align with regulatory expectations

Who you are:
Understand IAM and least privilege principles
Understand logging, monitoring and alerting architecture
Be comfortable reviewing infrastructure-as-code (Pulumi)
Reason confidently about security architecture across infrastructure and application layers
Be willing to deepen your technical capabilities where needed
Have hands-on experience with SOC 2 or comparable audit processes
Have experience in a regulated environment (fintech, financial services or similar), ideally CIRO-regulated
Have a strong understanding of risk management frameworks
Influence and challenge cloud architecture decisions when needed
Experience with AI tooling governance or AI-related security considerations is a strong plus

At Newton, we celebrate our inclusive work environment and welcome members of all backgrounds and perspectives to apply. We are committed to providing reasonable accommodations and will work with you to meet your needs. If you are a person with a disability and require assistance during the application process, please don't hesitate to reach out!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Key Skills

  • Administrative Skills
  • Facilities Management
  • Biotechnology
  • Creative Production
  • Design And Estimation
  • Architecture

About Company


Say hello to Newton. Buy and sell Bitcoin, Ethereum, and 70+ other coins with trading fees and deposit and withdrawal fees. See how easy it is to buy crypto!
