Role Description We are looking for a Security Operations Engineer to help monitor, detect, and respond to cybersecurity threats across our environment. - Monitor security alerts and investigate incidents - Manage and improve SIEM, EDR, and security tools - Perform threat hunting and incident response - Analyze logs and suspicious activities - Collaborate with IT and engineering teams on remediation - Improve security detections, automation, and playbooks Qualifications - 6+ years of experience in Security Operations / SOC - Experience with SIEM and endpoint security tools - Knowledge of cloud security (AWS/Azure/GCP) - Understanding of networking and security fundamentals - Scripting experience (Python/Bash/PowerShell) — advantage - Strong analytical and problem-solving skills - Nice to have: Security certifications, SOAR experience, cloud-native security knowledge. Company Description

ABOUT US tms unites technology, marketing, and sourcing to drive transformational change for the world's leading brands. With more than 1,400 employees across 28 countries., we offer an impressive range of solutions - from inspiration and innovation to category management and delivery. Operating as a creative agency, a strategic consultancy, a sourcing business, and a technology provider, we engage with over 110 million customers every single day for our clients, including McDonald's, T-Mobile, O2, Starbucks, and adidas. Most importantly, we're a place where you can achieve great things, and be recognized as the best. WHAT MATTERS THE MOST Breakthrough, business-driving ideas come from extraordinary people with the freedom to be their most authentic selves at work. Authenticity and diversity are critical elements of our business. They can only be realized when we create access and equity for all. We foster a culture of inclusion and belonging and aspire to be ever-evolving. tms is a place where brilliant people are better together. If you want your ideas to be heard and to contribute to a culture of inclusion and authenticity, bring us your voice! Visit us at tmsw.com. WHY WE THINK YOU WILL LOVE THIS ROLE tms is a marketing and design firm managing valuable intellectual property, client data, and proprietary creative content, making security a critical concern. Safeguarding these assets not only prevents data breaches that can harm a company's reputation but also reinforces trust with clients and customers. The dynamic nature of this role, which involves working with various digital tools, platforms, and client data, offers engaging challenges and opportunities for collaboration. Moreover, the intersection of technical expertise with creative projects provides a unique and holistic work experience that is both stimulating and fulfilling. WHAT YOU WILL BRING TO THE ORGANIZATION The Data Security Engineer will play a pivotal role in creating secure environments that enable creative teams to innovate confidently, knowing their work is protected. The Data Security Engineer will develop and influence DLP strategies, provide direction, assess risks, and serve as subject matter expert on security controls for sensitive data types, responsible for developing, implementing, and maintaining data protection technical controls. Will serve as the key point of contact for data security and privacy matters, ensuring compliance with relevant laws and standards such as GDPR, HIPAA, or other applicable regulations. - Advises and influences across the operating company to improve the management of sensitive data types. - Reviews applicable federal and state directives or regulations; then designs and provides guidance on the deployment of processes and solutions necessary to achieve and maintain alignment or compliance. - Develop and implement solutions to ensure privacy policies are correctly implemented. The implementations should advance compliance with legal forms of data use as well as support business use of data. Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the data use meets established regulatory compliance needs. - Collaborate with data product development teams creating new uses of data that employ privacy features. - Interacting with internal privacy program managers, product development teams, legal, compliance, governance and data protection teams. - Guide the development of new privacy products and features. - Identify areas of improvement in local practices relative to managing data privacy. - Develop and enforce data protection policies, standards, and procedures. - Monitor data access and usage to prevent unauthorized activities. - Collaborate with IT, legal, and operational teams to implement security measures. - Support response efforts related to data breaches or information security incidents. - Provide training and awareness programs for staff on data protection best practices. - Maintain up-to-date knowledge of data protection laws and industry standards. - Prepare reports and documentation for compliance audits and regulatory authorities. SKILLS AND EXPERIENCE WE WOULD LIKE YOU TO HAVE - Bachelor's degree in Information Technology, Cybersecurity, or related field. - Proven experience in data protection, information security, or privacy roles. - Strong understanding of data protection regulations (GDPR, CCPA, etc.). - Knowledge of cybersecurity frameworks and best practices. - Excellent analytical, problem-solving, and communication skills. - Ability to work collaboratively across departments and with external stakeholders. - Certifications such as CIPP, CIPM, CISSP, or CISM are a plus. Starting salary between $100,000-$110,000 CAD TOTAL REWARDS Our total rewards philosophy integrates programs for compensation, benefits, recognition, learning and development, corporate culture, corporate citizenship and work-life balance. While individual program components may differ by country, some things remain constant: - Our commitment to rewarding results - Opportunities to work with talented and driven individuals at every level of our company who respect each other, treat each other fairly and hold one another accountable for our customers'-and our company's-success There's more ... Generous medical, dental, vision and other great benefits Paid parental and medical leave programs 401(k) with a company match component and profit sharing 15 days of paid time off plus company holidays Hybrid work model Tuition reimbursement and student loan repayment assistance Inclusive employee resource groups EQUAL OPPORTUNITY EMPLOYER We are an equal opportunity employer, and we value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. RECRUITING AGENCIES tms does not accept agency resumes submitted by third-party vendors unless a valid agreement has been signed and the tms Talent Acquisition Team has granted authorization for submissions for a specified position. Please do not submit or forward resumes to our site, tms employees, or any other company location. tms is not responsible for any fees related to unsolicited resumes.

• Partner directly with engineering, SRE, and platform teams to build security into every phase of the software development lifecycle from design through production. • Own threat modeling and secure design reviews for new features, lead vulnerability analysis and secure code reviews across our microservices and mobile applications, and help mature our AI-first security toolings. • Run and improve ShopBack's vulnerability management program, prioritizing findings using EPSS, CISA KEV, and business context, and driving time-to-remediation through automation and partnership with engineering teams. • Support incident response for product security incidents including blast radius analysis, root cause analysis, variant hunting, and post-incident hardening. • Partner with compliance on evidence and controls for multiple audits bridging engineering reality with audit requirements.

• Perform day-to-day operations of in-place security solutions. • Implement and maintain firewall access control lists. • Implement and maintain Identity Access Management and auditing. • Troubleshoot security-related support tickets. • Implement and maintain video surveillance systems. • Implement and maintain Building Access Control systems. • Resolve security breaches detected by those systems. • Participate in the implementation of new security solutions. • Participate in the creation and/or maintenance of policies, standards, baselines, guidelines, and procedures. • Conduct vulnerability audits and assessments. • Actively work towards upholding enterprise’s security goals as established by its stated policies, procedures, and guidelines.