A Supply Chain Consulting and Technology Company
Head of Infrastructure, Security
Location
Canada
Posted
2 days ago
Salary
0
Seniority
Lead
Job Description
Head of Infrastructure, Security
Longbow Advantage
• End-to-end ownership of our cloud infrastructure on GCP, architecture, reliability, cost, scalability, and operational excellence • The full cloud-native application environment; containerized and serverless workloads, cloud networking, and the large-scale, multi-tenant data layer (many terabytes of customer data on MongoDB Atlas), including the architecture, performance, and scaling decisions across all of it • Deployment, release, and maintenance processes, with a focus on uptime and minimizing customer-facing disruption, recognizing that a platform outage during an active warehouse shift is a customer event, not just a ticket • Leadership of our senior SRE, providing direction and architectural vision to move the platform forward • Our overall security program, policy, posture, tooling, and incident response, across both businesses • Achieving and maintaining SOC 2 Type II (and evaluating ISO 27001 as the customer base demands), including driving the program, evidence, and audit relationships • Customer-facing security: questionnaires, audits, and trust conversations with security-conscious enterprise buyers • Data protection obligations as a data processor, including PII handling and relevant privacy regimes (e.g. GDPR, CCPA) • Managing security vendor relationships (MDR/EDR, SIEM, endpoint protection, penetration testing) • Oversight of the internal IT function, corporate network, on-prem and cloud infrastructure, identity, endpoint management, help desk, and vendor relationships • Light-touch oversight of a small, hosted WMS environment on GCP, including its reliability and availability commitments • Mentorship and development of an established IT team, including an IT Manager and IT Administrators who handle the day-to-day
Job Requirements
- Significant experience owning production cloud infrastructure at scale, ideally on GCP, in a SaaS context
- Demonstrated ownership of a security program at a company handling sensitive customer data, including direct experience driving SOC 2 Type II (or equivalent) to completion
- Strong grasp of operating large, multi-tenant database environments — MongoDB experience is a significant advantage given our stack
- The credibility to lead technical conversations with enterprise customers' security teams
- Experience leading and developing technical staff, including senior individual contributors, and providing direction to an established IT team
- Sound judgment on the reliability/velocity/cost trade-offs that define infrastructure decisions at a growing company
Benefits
- Competitive Salary
- 4-weeks of paid vacation
- 6 paid sick days, 2 paid personal days per year
- Excellent health and dental benefits, eligible as of your first day!
- Group RRSP/401k Matching
- Work from Home
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Regional Security Sales Leader – Commercial Tristate
CiscoWe securely connect everything to make anything possible.
• Craft and develop relationships with local Cisco Sales teams • Work with other leaders, sales specialists, technical architects, and executives • Develop and execute sales strategies and tactics • Responsible for accurate forecasting and regular deal reviews • Leading account executives in the development and expansion of opportunities
Information Security Engineer (Data Security)
ZscalerWe make it easy to secure your cloud transformation. Get fast, secure, and direct access to apps without appliances.
About Zscaler Zscaler accelerates digital transformation to ensure our customers can be more agile, efficient, resilient, and secure. As an AI-forward enterprise, we are constantly pushing the envelope, leveraging the world’s largest security data lake to power our cloud-native Zero Trust Exchange platform. This innovation protects our customers from cyberattacks and data loss by securely connecting users, devices, and applications in any location. Here, impact in your role matters more than title and trust is built on results. We say, impact over activity. We seek innovators who actively use AI to amplify their impact and who thrive in an environment where we leverage intelligent systems to stay ahead of evolving threats. We believe in transparency and value constructive, honest debate—we’re focused on getting to the best ideas, faster. We build high-performing teams that can make an impact quickly and with high quality. To do this, we are building a culture of execution centered on customer obsession, collaboration, ownership, and accountability. We value high-impact, high-accountability with a sense of urgency where you’re enabled to do your best work and embrace your potential. If you’re driven by purpose, thrive on solving complex challenges, and want to be part of the team that’s helping to secure the AI age, we invite you to bring your talents to Zscaler and help shape the future of cybersecurity. Role We are looking for an Information Security Engineer (Data Security) to join our team. This is a Hybrid role (onsite three days a week in San Jose, CA or another Zscaler office; remote can be considered for exceptional candidates), reporting to the Director, Information Security Compliance in the Information Security Compliance department. The Information Security Engineer (Data Security) will be the technical owner of Zscaler's shift-left data security program, responsible for building and maintaining continuous visibility into how sensitive data moves across products, services, and third parties. You will anchor data classification governance, DSPM operations, and audit control evidence; serving as the connective tissue between Product Security, Engineering, Privacy, and Compliance. As AI workloads expand, you will become the critical data risk layer ensuring PII and sensitive data is governed across AI systems, fine-tuning workstreams, and third-party egress. What you’ll do (Role Expectations) - Own and evolve the end-to-end data security program architecture — including administration, configuration, and ongoing maintenance of data flow mapping and code-level scanning tools (e.g., Relyance.ai, BigID, Securiti.ai, OneTrust, or equivalent), data element mapping, and source code scanning pipelines and delivering continuous sensitive data visibility across Zscaler's product and service landscape - Build and maintain the authoritative PII and sensitive data inventory covering service data flows and third-party egress; define and enforce data classification standards that engineering teams adopt during design and development, partnering with Privacy and Legal on regulatory alignment - Lead POCs and technical evaluations for emerging data security capabilities — including DSPM controls, AI data governance tooling and privacy-enhancing technologies — translating findings into actionable build-vs-buy recommendations for leadership - Drive shift-left adoption across product engineering teams by embedding data security reviews into the SDLC, running enablement sessions, and serving as the subject matter expert for teams building features that handle sensitive or regulated data including AI and LLM workloads processing PII - Own data security control evidence for SOC 2, FedRAMP, and ISO audit cycles; maintain data flow documentation and third-party data sharing records that satisfy auditor requirements and support enterprise customer security reviews Who You Are (Success Profile) - You thrive in ambiguity and feel comfortable building the path as you walk it, viewing a dynamic environment as an opportunity to create meaningful impact. - You act like an owner with a strong bias for action and a deep care for outcomes, seamlessly navigating between high-level strategy and hands-on execution. - You are a natural problem-solver who is energized by tackling complex challenges and finding solutions that deliver the highest level of impact. - You are a dedicated learner with a true growth mindset, actively seeking feedback to continuously develop yourself and become a stronger teammate. - You are resilient and adaptable, remaining composed under pressure and viewing organizational changes or setbacks as temporary opportunities to guide the team forward. What We’re Looking for (Minimum Qualifications) - Foundational understanding of AI/ML technologies and experience leveraging, securing, or positioning AI-driven solutions to optimize outcomes within your functional domain - Demonstrated curiosity and active exploration of tools, with a proven history of integrating new technologies to enhance daily workflows and augment problem-solving - 5+ years in data security, privacy engineering, or a closely related discipline with hands-on experience owning a data security or data governance program, not just contributing to one - Production experience administering and operating data flow mapping or data discovery tooling (e.g., Relyance.ai, BigID, Securiti.ai, OneTrust, Varonis, or equivalent) — including configuration, data element mapping, and ongoing platform maintenance - Strong working knowledge of data classification frameworks, PII taxonomy, and sensitive data handling requirements across at least one major regulatory regime (GDPR, CCPA, HIPAA, or equivalent) - Demonstrated ability to drive cross-functional adoption — experience partnering with engineering teams to embed data security practices into the SDLC, including running enablement sessions or defining data handling standards that developers actually follow What Will Make You Stand Out (Preferred Qualifications) - Hands-on experience governing data flows in AI and LLM workloads — including PII exposure risk in RAG pipelines, training data classification, or sensitive data controls for fine-tuning workstreams — with the ability to define a data governance model for agentic and AI-driven product features - Experience operating a DSPM program end-to-end — including policy design, tuning, incident triage, and metrics reporting — across cloud-native or SaaS environments at scale #LI-KM9 #LI-Hybrid Zscaler’s salary ranges are benchmarked and are determined by role and level. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations and could be higher or lower based on a multitude of factors, including job-related skills, experience, and relevant education or training. The base salary range listed for this full-time position excludes commission/ bonus/ equity (if applicable) + benefits. Base Pay Range $137,200—$196,000 USD At Zscaler, we are committed to building a team that reflects the communities we serve and the customers we work with. We foster an inclusive environment that values all backgrounds and perspectives, emphasizing collaboration and belonging. Join us in our mission to make doing business seamless and secure. Our Benefits program is one of the most important ways we support our employees. Zscaler proudly offers comprehensive and inclusive benefits to meet the diverse needs of our employees and their families throughout their life stages, including: - Various health plans - Time off plans for vacation and sick time - Parental leave options - Retirement options - Education reimbursement - In-office perks, and more! Learn more about Zscaler's hybrid working model and benefits here. By applying for this role, you adhere to applicable laws, regulations, and Zscaler policies, including those related to security and privacy standards and guidelines. Zscaler is committed to providing equal employment opportunities to all individuals. We strive to create a workplace where employees are treated with respect and have the chance to succeed. All qualified applicants will be considered for employment without regard to race, color, religion, sex (including pregnancy or related medical conditions), age, national origin, sexual orientation, gender identity or expression, genetic information, disability status, protected veteran status, or any other characteristic protected by federal, state, or local laws. See more information by clicking on the Know Your Rights: Workplace Discrimination is Illegal link. Pay Transparency Zscaler complies with all applicable federal, state, and local pay transparency rules. Zscaler is committed to providing reasonable support (called accommodations or adjustments) in our recruiting processes for candidates who are differently abled, have long term conditions, mental health conditions or sincerely held religious beliefs, or who are neurodivergent or require pregnancy-related support.
Principal Cybersecurity Regulatory Advisor
Switzerland Global EnterpriseWe support Swiss SMEs in their international business and help innovative foreign companies to establish in Switzerland.
• Act as the primary expert on cybersecurity regulations, including the EU Cyber Resilience Act (EU CRA), NERC CIP, SOCI and others • Translate regulatory obligations into practical requirements for commercial product design, manufacturing, and support services • Lead regulatory gap analyses and provide remediation guidance for product teams and compliance stakeholders • Prepare advisory briefs for executive stakeholders regarding regulatory proposals, industry trends, and enforcement actions • Provide subject matter expertise for high-stakes customer-facing regulatory discussions • Maintain a centralized regulatory knowledge base and contribute to the development of AI-assisted regulatory analysis tools
Principal Product Cyber Security Architect
Switzerland Global EnterpriseWe support Swiss SMEs in their international business and help innovative foreign companies to establish in Switzerland.
• Guide product teams in designing secure architectures, including zones, conduits, trust boundaries, authentication, authorization, data protection, and remote access • Develop reusable security patterns, reference architectures, and design standards • Review product architecture changes and provide actionable security recommendations • Conduct threat modeling and risk assessments aligned to IEC 62443-3-2 • Produce threat model outputs, including data flows, threat analysis, risk ratings, and recommendations • Use AI-assisted tools to accelerate threat modeling and analysis • Create deployment security guidance for secure installation, configuration, hardening, and operation • Support SDL execution by defining security requirements, performing design reviews, and evaluating security gates • Help prepare security evidence, test documentation, and compliance artifacts • Contribute reusable templates, artifacts, and lessons learned to improve team efficiency



