Head of Security

Reach (Fintech, Payments, E-commerce)
Calgary, Alberta, Canada | Full-Time | Executive
Salary not disclosed

Job Details

Experience
8+ years in information security, with 3+ years leading a security program or a major security function.
Required Skills
AWS, GCP, Azure, Jira, Confluence

Requirements

  • 8+ years in information security
  • 3+ years leading a security program or a major security function
  • Direct experience owning SOC 2 Type II audits end-to-end
  • PCI DSS experience strongly preferred
  • Proven, hands-on ownership of vulnerability management programs at scale
  • Experience managing an MSSP/MDR relationship for SIEM and 24/7 SOC
  • Strong application and cloud security fundamentals
  • Hands-on experience in AWS, GCP, or Azure
  • Ability to partner credibly with engineering
  • Experience leading incident response end-to-end, including cross-functional coordination and working with external parties
  • Experience writing and operationalizing security policies against recognized frameworks (NIST CSF, ISO 27001, CIS Controls)
  • Excellent written and verbal communication
  • Comfortable as a player-coach in a lean environment, with a strong sense of ownership and bias for action
  • Experience in fintech, payments, or ecommerce (ideally cross-border or merchant-of-record) (Asset)
  • Prior experience standing up or scaling a security program at a growth-stage company (Asset)
  • Familiarity with GRC/continuous compliance platforms (e.g., Vanta, Drata, Secureframe) (Asset)
  • AWS experience (our primary cloud) and Atlassian suite (Jira, Confluence) for workflow and documentation (Asset)
  • Formal people-management experience (Asset)
  • Relevant certifications (e.g., CISSP, CISM, CCSP) (Asset)

Responsibilities

  • Own and lead information security at Reach, setting strategy and managing the program end-to-end.
  • Own the vulnerability lifecycle end-to-end, including intake, triage, prioritization, risk acceptance, ticketing to dev teams, and remediation within SLA.
  • Manage external pen tests and targeted assessments and report regularly on status, SLA performance, and trends.
  • Manage MSSP partner for 24/7 SIEM and SOC monitoring, ensuring telemetry, detections, and playbooks match the threat model.
  • Serve as incident commander for real events and run regular tabletops and post-incident reviews.
  • Define and maintain Reach’s security policies and control framework; design, implement, and measure control effectiveness; maintain a risk register.
  • Own SOC 2 Type II and PCI DSS end-to-end with continuous control monitoring and evidence collection, serving as primary contact for external auditors.
  • Partner with engineering on secure SDLC, threat modeling, SAST/DAST/SCA coverage, and cloud security posture (IAM, configuration, workload protection).
  • Own IAM policy, periodic access reviews, privileged access, and joiner/mover/leaver processes.
  • Run Reach’s vendor risk program (due diligence, questionnaires, DPAs, ongoing monitoring) and own responses to customer and prospect security reviews.
  • Run phishing simulations, ongoing and role-targeted training, and regular company-wide security sessions.
  • Provide regular security posture updates with meaningful metrics to leadership.
  • Act as a mentor for direct reports; own the security budget and tool stack.