Cloud Security & Risk Engineer

Canso Investment Counsel Careers

Job Location:

Richmond Hill - Canada

Monthly Salary: Not Disclosed

Posted on: 2 days ago

Vacancies: 1 Vacancy

Job Summary

About Canso Investment Counsel: Canso Investment Counsel Ltd. is a leading independent investment management firm providing portfolio management services to Canadian institutional clients. Founded in 1997 Canso is dedicated to delivering superior long-term investment results through a disciplined and research-driven approach. Our team of experienced investment professionals is committed to maintaining the highest standards of compliance and ethical conduct in all aspects of our operations. We have a happy family-friendly and flexible work environment. We value honesty and integrity and our clients come first.

Position Summary:

We are seeking a Cloud Security & Risk Engineer to act as a handson individual contributor responsible for the design implementation and daytoday operation of security controls across our cloud platforms applications and enterprise data environments.

This role is securityled by design. You will work closely with engineering data and IT teams to ensure that security is embedded throughout the software development lifecycle and cloud infrastructure while aligning with the risk compliance and resilience expectations of an institutional financial services firm. This role aligns with all five functions of the NIST Cybersecurity Framework contributing to risk identification preventative control design continuous detection effective incident response and ongoing security resilience improvement in a regulated financial services environment.

You will not manage people but you will own technical security outcomes exercise independent judgment and be expected to challenge designs raise risks and drive practical remediation.

Cloud & Data Security:

Design implement and maintain cloud security controls across AWS and Azure environments
Embed security controls into CI/CD pipelines ensuring secure build test and deployment practices
Review application and infrastructure code to identify security vulnerabilities and recommend remediation
Implement and enforce secure configuration standards using infrastructureascode (Terraform)
Manage encryption key management and secrets handling across cloud and data platforms

Data & Platform Security

Design and enforce security controls for enterprise data platforms including Snowflake
Ensure strong encryption practices for data at rest and in transit
Partner with data and engineering teams to protect sensitive financial and client data across its lifecycle

Monitoring Detection & Response

Operate and tune cloudnative security and detection tools (e.g. Defender Orca Elastic)
Investigate security alerts assess impact and support containment and remediation activities
Contribute to incident response rootcause analysis and postincident improvements
Continuously improve detection coverage and signal quality

Risk Governance & Stakeholder Collaboration

Partner with internal stakeholders and external security vendors to identify control gaps and risks
Provide clear actionable security input on key initiatives and projects
Apply sound risk judgment to balance security controls with business requirements
Communicate security findings and recommendations clearly to technical and nontechnical audiences
Maintain and contribute to security policies standards and technical control documentation to ensure alignment with cloud architectures regulatory expectations and evolving threat models

Qualifications & Experience

Education:

Bachelors degree in Computer Science Information Systems Cybersecurity or a related field (or equivalent experience).

Experience:

Minimum 7 years in DevOps security engineering or related roles.
Proven track record of leading security-focused projects such as MFA rollouts VPN deployments or policy implementations.
Proven experience in a DevOps cybersecurity or related role with a strong background in application security

Technical Expertise:

Deep knowledge of cloud security (AWS Azure) and enterprise data platforms (Snowflake).
Proficiency in Python
Experience with automation tools (Terraform) and container technologies (Docker)
Strong programming skills for reviewing and addressing code vulnerabilities.
Networking protocols and architecture
Solid understanding of network security.
Vulnerability management and encryption techniques
Proficiency with SIEM IDS/IP firewalls and endpoint security tools

Preferred Certifications:

Required or Strongly Preferred:

CISSP (Certified Information Systems Security Professional) required or actively pursued
CCSP (Certified Cloud Security Professional)
CISM (Certified Information Security Manager)

Highly Valued for Financial Services:

CRISC (Certified in Risk and Information Systems Control)
CISA (Certified Information Systems Auditor)
CSA CCSK (Certificate of Cloud Security Knowledge)

Cloud & Identity Security:

Microsoft SC-Series certifications (SC-100 SC-200 SC-300)
AWS Certified Security Specialty
Microsoft certifications related to security and identity (e.g. MS-500)

Key Competencies

Independent Ownership: Drives security outcomes with minimal supervision
Strong: Judgment: Assesses risk and prioritizes practical effective controls
Collaboration: Works effectively with engineering data and business teams
Communication: Clearly explains security concepts and tradeoffs
Adaptability: Handles evolving priorities in a regulated fastmoving environment

Canso Investment Counsel is proud to be an Equal Opportunity and Affirmative Action Employer.

We are committed to providing accommodations for people with disabilities in all aspects of the recruitment and selection process. If you require accommodation or special assistance please send an email with your request to Your information will be treated as confidential.

We sincerely thank all applicants for their interest however only those in consideration forthe opportunity will be contacted.

Required Experience: