Systems and Data Security Manager

At Mod Op were reimagining the future of marketing by fusing creativity technology and intelligence to transform how work gets done and the value clients receive. Our AI & Innovation Team builds AI-enabled platforms and agentic systems that automate optimize and evolve the marketing processfrom creative development to media execution to performance analytics.

The Systems and Data Security Manager is a hands-on IT security position responsible foroperatingand maintaining the organizations security controls across systems cloud infrastructure data and development environments. Reporting to the Senior IT Director this role owns day-to-day security operations SOC 2 Type II compliance execution cloud and identity security and security monitoring.

This role alsoleadsthe implementation and automation of compliance and security processes to increase efficiency visibility and scalability across the organization.

The position works closely withDevelopmentand the compliance-focused IT team to ensure controls are effective documented and continuouslyvalidated.

Responsibilities

Security Governance & Compliance

• Manage day-to-day operation of an established SOC 2 Type II control environment

• Own continuous evidence collection documentation and audit readiness

• Coordinate third-party assessments including penetration testing and track remediation through completion

• Maintain security policies procedures and control documentation as systems change

• Work directly with auditors Development and the compliance-focused IT team to support audits and close findings

• Create assign audit and revoke IAM roles and service accounts across cloud platforms ensuring least-privilege access.

• Conduct vendor risk assessments including security reviews and documentation tracking

• Oversee infrastructure vulnerability scanning and enforce patch management SLAs across cloud and hosted environments

• Lead and document quarterly access reviews across systems and cloud platforms

• Implement and manage compliance automation platforms such as VantaDrata orSecureframe

• Automate evidence collection access reviews and compliance reporting processes

• Build andmaintaincompliance dashboards to provide leadership visibility into control health and audit readiness

• Measure and report efficiency gains achieved through compliance and security automation

Identity & Cloud Security

• Operate andmaintainsecurity controls for Microsoft Entra IDAWSandGoogle Cloud Platformenvironments

• Manage identity access and privilege controls across cloud and enterprise systems including GCP IAM rolespoliciesand service accounts

• Ensure secure configuration hardening and access reviews are performed regularly

Security Monitoring & Incident Response

• Manage Entra IDAWSandGCPsecurity logging monitoring and alerting

• Investigate and respond to security alerts and incidents

• Perform root cause analysis and implement corrective actions

• Investigate and remediate access-related incidents including misconfigured roles or unauthorized permissions.

• Leverage AI-powered security tools for threat detection anomaly identification and alert triage

• Investigate and respond to security alerts and incidents

• Perform root cause analysis and implement corrective actions

• Investigate and remediate access-related incidents including misconfigured roles or unauthorized permissions

Development & AI Security

• Implement andmaintainsecurity controls within development and automated build and deployment processes

• Partner with Development on vulnerability management code scanning and application security

• Apply security controls and governance for AI systems including data access model usage and risk management

Application Usage & Budget Management

• Monitor application usage and spend across agency-hosted environments for internal and client-facing applications

• Define acceptable usage thresholds and budget bands for applications and environments

• Implement alerts automation and reporting for usage or cost variances

• Investigate resolve and document usage and budget variances

• Own application budgets related to hosted environments and route issues or overages toappropriate stakeholders

Agency&Client Onboarding & Offboarding

• Support onboarding of new agencies and clients by evaluating applications technologies and usage requirements

• Assess security compliance and SOC 2 Type II impact to existing environments

• Estimate infrastructure usage and cost impactand align onboarding toestablishedusage and budget bands

• Support client data ingestion migration and validation ensuring security and data integrity

• Manage client offboarding activities including sunsetting services and archiving or securelydeletingdata

• Partner with Development and the compliance-focused IT team to ensure onboarding and offboarding meet security compliance and operational standards

• Support accountmanagersescalations related to security access or consent requirements.

Leadership & Collaboration

• Serve as a hands-on security manager and subject matter expert

• Collaborate closely with Development and the compliance-focused IT team on security and audit activities

• Provide clear documentation and practical guidance to internal stakeholders

• Serve as the primary point of contact for access requests and permission-related troubleshooting.

• 6 to 10 years of experience in information security systems security or cloud security

• 2 or more years in a manager-level or senior individual contributor security role

• Demonstrated experience operating SOC 2 Type II programs

• Strong hands-onexpertisein Microsoft Entra IDAWS& GCPsecurity

• Experience with cloud security monitoring and incident response

• Practical experience with development security and secure software lifecycle practices

• Experience securing AI systems data or machine-learning-enabled applications

• Experience with GRC and compliance automation platforms (VantaDrataSecureframeor similar)

• Scripting or infrastructure-as-code skills such as Python PowerShell or Terraform

• Demonstratedtrack recordof reducing manual compliance workload through automation

• Familiarity with AI-powered security and threat detection tools

Certifications

• Microsoft security certificationsrequiredor strongly preferred including:

• Microsoft Certified: Security Compliance and Identity Fundamentals

• Microsoft Certified: Identity and Access Administrator Associate

• Microsoft Certified: Security Operations Analyst Associate

Preferred Skills

• Experience coordinating and managing penetration tests and remediation efforts

• Familiarity with identity-based security models that emphasize least-privilege access and continuous verification

• Experience monitoring and investigating security events across cloud platforms and enterprise systems

• Hands-on use of built-in security and logging tools provided by cloud platforms such as AWS GCPand Microsoft

• Strong documentation skills supporting audits investigations and operational security processes

• Flexible hybrid work arrangements.
• Annual company shutdown during the holiday season.
• Frequent studio-wide social events.
• Budget and time allotted for professional development.
• Commitment to wellbeing and work life balance.
• Competitive health and dental benefits package.
• Group RRSP Matching program

When asked what they love about working at Mod Op we hear:

• I feel I can be myself at work and its fun! -MV
• The caliber of the clients/brands we work with knowing your work is seen by thousands of people in many cases across the world. -JC

• We actually create videogames! -AC
• We have an all-star team and its like playing in the pro-bowl every day! -MW
• Opportunities to always learn from and work with the best and the brightest. HW
• Mentors and opportunities for growth. -KB

Diversity and Inclusion:

Some of our best ideas emerge when different perspectives collide. Thats just one of the reasons were committed to building and retaining a team that reflects diverse backgrounds identities experiences and abilities. Through our core values were also fostering a culture where everyone feels heard included and comfortable being themselves.

Required Experience:

Manager