• Set up and drive the overall information security strategy. • Own the ISMS standards and their adoption, ensuring compliance with company and external requirements including SOC 2 and ISO 27001. • Organise and manage ISMS-related scheduled activities and drive continuous improvement of the ISMS. • Contribute to security architecture and design decisions. • Oversee security tooling such as EDR, SIEM, MFA, password managers, device management, and access review processes. • Act as the primary escalation point, during and outside business hours, for all major security-related incidents and events. • Coordinate and manage corrective actions and responses to security incidents. • Own security documentation, including policies, standards, exceptions, risk registers, and control evidence. • Oversee the internal risk-assessment and audit programme, supporting internal and external audits, remediating findings, and tracking control improvements to closure. • Support vendor and supplier risk management, including due diligence, sub-processor oversight, and security assessments. • Own the access control process, validate and audit access across divisions and functions. • Provide management reporting on risk posture, incidents, audit status, metrics, service trends, and improvement plans. • Work with engineering, DevOps, HR, and customer facing teams to embed controls into everyday processes. • Drive ongoing security governance improvements. • Address data privacy and data protection concerns, and manage responses to customer data privacy requests. • Act as Data Protection Officer (DPO) for the organisation if and as required. • Help enforce security policies, building adoption, embedding them in the company culture, and introducing regular checks on departmental compliance. • Own and deliver security awareness training and campaigns to strengthen the security culture. • Complete security-related sections of RFPs and customer questionnaires, build and maintain a security knowledge base, and provide assurance of the integrity, confidentiality, and availability of information owned, controlled, and processed by the organisation. • Attend meetings with customers and prospects to provide insights into how HICX implements security across the organization. • Manage a small team of IT support admins providing internal IT support to HICX employees and contractors. • Act as the escalation point for complex IT issues, incidents, and problems requiring cross-team coordination. • Ensure IT support activities align with security controls, access management, and acceptable use requirements. • Oversee onboarding, offboarding, account lifecycle management, and device provisioning/deprovisioning. • Own and maintain standard operating procedures and the operations platform. • Help balance usability, cost, and security when selecting or renewing SaaS and IT tools. • Carry out other reasonable duties as required by the Company.

• Lead Cloud & AI Security Strategy: Own and execute the strategic vision, roadmap, and operating model for Ascension's Cloud Security and AI Security programs under the Senior Director, driving secure adoption of cloud and AI technologies through risk-based priorities, measurable outcomes, and alignment with enterprise objectives. • Build and Develop High-Performing Teams: Lead, coach, and inspire Cloud Security and AI Security teams while establishing scalable operating models, conducting capacity and workforce planning, optimizing team processes, and fostering a culture of accountability, collaboration, adaptability, and continuous learning. • Drive Security Technology Strategy & Program Transformation: Develop and manage the Cloud Security & AI Security technology roadmap, including capability planning, technology evaluation, vendor selection, and oversight of implementations such as CNAPP, AI security controls, and automation capabilities. • Advance Secure Cloud & AI Enablement: Partner across technology, architecture, engineering, governance, legal, and business teams to establish security standards, risk management practices, and control requirements that enable innovation while protecting Ascension's cloud environments and AI solutions. • Measure, Communicate, and Advance Security Outcomes: Establish program metrics, key performance indicators, executive reporting, and strategic points of view to communicate risk, security posture, priorities, and program value. Develop and deliver presentations to senior management to support decision-making and drive alignment across the enterprise.

• Act as a subject matter expert in enterprise security architecture, risk management, and compliance frameworks. • Perform security risk reviews across applications, infrastructure, and enterprise systems, identifying vulnerabilities and recommending mitigation strategies. • Support AI adoption initiatives within security risk assessment processes. • Translate business, regulatory, and clinical security requirements into technical security control specifications. • Design, implement, and evaluate security architecture frameworks and controls across enterprise platforms. • Lead and support security architecture solutioning during pre-implementation and system design phases. • Conduct application and infrastructure vulnerability assessments, including identification of gaps and remediation recommendations. • Develop and maintain security metrics, reporting dashboards, and performance indicators for ongoing risk monitoring. • Ensure alignment of security architecture with enterprise standards and regulatory requirements. • Collaborate with enterprise architecture teams to ensure alignment between business objectives, technical architecture, and security controls. • Partner with security engineering teams to implement secure configurations and enforce security policies. • Design and validate identity and access management (IAM) controls. • Evaluate and strengthen network security architecture.

Role Description In the Senior Security Support Analyst role, your mandate is to assist our policyholders in understanding how to use Coalition’s provided security tools in order to improve their risk posture and reduce the likelihood of a cyber attack and subsequent claim. Our Security Support Center provides world-class support to Coalition's 100,000+ policyholder base. - Help policyholders navigate our security products, tailoring messaging to their technical proficiency. - Explain how to address critical security findings and why addressing those findings reduces risk. - Work closely with product and engineering teams to codify security best practices into underwriting algorithms, rating models, and risk management apps. - Lead team initiatives, handle complex cases and projects, and act as a subject-matter expert (SME). - Demonstrate high throughput in handling case workload alongside your team. Responsibilities - Risk Assessment & Customer Advisory - Independently review and analyze the security posture of insureds and prospective insureds. - Evaluate customer security programs, technologies, controls, and business environments. - Advise technical and non-technical stakeholders on security architecture and cloud security. - Assess and quantify security risk to enable underwriting and project leadership decisions. - Technical Support - Provide technical support for Coalition’s security products via ticketing system and scheduled calls. - Become a Subject Matter Expert on security products and guide users on leveraging product capabilities. - Security Leadership - Participate in the Claims Feedback Loop (CFL) process to identify missing domains and recommend improvements. - Participate in Zero Day Alert Outreach activities to notify policyholders about emerging threats. - Assess and interpret scanning and security finding data for organizations of all sizes. - Identify deficiencies in external scanning data and recommend improvements. - Process, Product, Communication, Leadership, and Culture - Create, maintain, and enhance team documentation, runbooks, and knowledge bases. - Lead team initiatives and projects related to toolset enhancement and process changes. - Represent Coalition as an expert to policyholder security leaders. - Mentor peers and contribute to team and department goals. Qualifications - 4+ years of hands-on security analysis, security engineering, incident response, or related experience. - Demonstrated understanding of the lifecycle of network threats and attack vectors. - Proven ability to assess and quantify security risk for complex organizations. - Experience advising technical stakeholders and tailoring recommendations. - Experience with security support tooling (e.g., vulnerability scanners, SIEM). - Strong interpersonal communication skills, both verbal and written. - Self-motivated and comfortable working in a fast-paced environment. - Bachelor’s degree in Computer Science, Information Security, Engineering, or related field. Bonus Points - Experience with offensive and assessment tools such as Nmap, Nessus, and Metasploit. - Experience securing cloud-based platforms (AWS, Azure, GCP). - Programming or scripting experience (e.g., Python, Go, Bash). - Experience with SCADA / industrial control systems (ICS) networks. - Prior experience in cyber insurance or security consulting for insurers. Compensation As a remote-first organization, our compensation reflects the cost of labor across several Canadian geographic markets. - In Alberta, British Columbia & Ontario: $118,600/year up to $150,000/year. - For all other locations: $106,700/year up to $133,425/year. Perks - 100% medical, dental, and vision coverage. - Flexible PTO. - Annual home office stipend and WeWork access. - Mental & physical health wellness programs. - Competitive compensation and opportunity for advancement.