• Ensure the security posture of mission-critical information systems supporting DoD programs • Ensure compliance with RMF, NIST, and Air Force cybersecurity requirements • Drive secure system design, authorization, and continuous monitoring efforts • Support implementation and enforcement of cybersecurity policies and controls • Create/maintain and review/approve other teammates’ information security related documentation • Implement, maintain, and monitor security controls • Advise developers on integrating security requirements • Achieve and maintain Authorization to Operate classified information systems • Coordinate with sponsor and corporate security organization • Oversee Continuous Monitoring program • Maintain operational security posture for information systems • Provide security related training and guidance to program management and staff • Provide responsible oversight and management of multiple RMF packages in appropriate compliance systems • Conduct RMF process on various items including Hardware, Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) Systems

• Lead complex projects related to safety and security. • Participate in problem resolution and provide expert guidance. • Develop methods and procedures for new safety initiatives. • Monitor and evaluate the effectiveness of safety and security measures. • Collaborate with teams to implement global process improvements.

• Owning security monitoring and incident detection across our cloud infrastructure and SaaS tooling, including AI-powered tools • Leading the response when something goes wrong—from initial containment and documentation through to follow-up and lessons learned • Working closely with Product, Design, and Engineering to proactively spot security gaps, supporting vulnerability and risk assessments, and contributing to compliance initiatives such as penetration testing • Collaborating with Marketing to ensure our data collection, consent practices, and ad-tech responsibilities meet our internal standards and regulatory obligations • Implementing and continuously improving preventative security controls—MFA, access management, logging, and endpoint protection—across our cloud infrastructure and third-party tools • Ensuring our defences keep pace with our growth across Canada and the US • Supporting audit and compliance activities across the business (HIPAA, PIPEDA) in partnership with IT and Legal • Leading vendor and third-party security reviews that protect us from risk at every layer • Developing and maintaining the policies, playbooks, and documentation that will anchor our security program for years to come • Leading security awareness efforts that make security a lived part of our culture—with a focus on phishing, account compromise, and common attack vectors

Lead the execution of a comprehensive cybersecurity compliance program, ensuring alignment with regulatory frameworks, translating requirements into internal controls, and monitoring control effectiveness across various environments to support audits...