Senior IT Security Advisor in CANADA

About VeraSafe:

VeraSafe is an innovative and successful U.S. headquartered international privacy and cybersecurity compliance consulting firm and law firm.

Watch / listen to learn more about VeraSafe: Check out our podcast!

Apple Podcast: https://apple.co/4b28hwE

YouTube: https://www.youtube.com/@PrivacyInPractice/videos

Spotify: https://bit.ly/4moSMU7

VeraSafe is proud to be certified as a Great Place to Work©, with 97% of our employees affirming that we are truly a great place to work. This means we foster trust, collaboration, and a positive work environment. We are committed to maintaining this standard of meaningful work, work-life balance, and a supportive community. Check out our great benefits, listed at the end of this job description.

About the Role:

VeraSafe’s mission: Provide the world’s best data protection advice, with a human touch. Right now, we are seeking an Senior IT Security Advisor to join our growing team and help us pursue this mission.

We are inundated with business from clients who love the way we advise on privacy compliance (hence the need for you!).

This is an excellent opportunity for anyone who wants to join a team working on the cutting edge of privacy, data protection, and cybersecurity, and is excited about assisting a wide range of clients with fractional CISO-type support, including IT security program design, implementation, and management.

Key Responsibilities

Practice Development:

• Oversee VeraSafe’s cybersecurity consulting program through the management of team members, client relationships, and projects/deliverables
• Expand on VeraSafe’s security consulting offerings, with an initial focus on Microsoft 365 hardening, configuration auditing, and risk assessment
• Further develop internal service delivery methodologies, documentation, templates, and quality control processes
• Collaborate with sales and marketing to position and refine service offerings

Client Engagement and Delivery:

• Lead and deliver consulting projects, including fractional-CISO-type engagements with a strong focus on securing Microsoft 365 environments
• Conduct detailed cybersecurity risk assessments, including analysis of current security controls, vulnerabilities, and threat landscape
• Provide oversight and strategic direction for incident response, including breach containment, investigation, and post-incident review
• Lead and execute security assessments, architecture reviews, IT security policy drafting and implementation, and remediation planning
• Communicate findings and recommendations to clients clearly and professionally either through written reports and executive briefings or execution of hands-on implementation
• Build trusted relationships with client stakeholders, including CISOs, IT directors, and compliance teams
• Collaborate with project managers and privacy-focused project teams to determine and meet client requirements and specific project needs. Analyze practical situations and develop solutions to specialized needs

Team Leadership:

• Train and mentor consultants and technical specialists on your team
• Manage project timelines and delivery quality across multiple concurrent engagements
• Eventually help grow and manage a team of IT security advisors

Thought Leadership and Cross-Functional Collaboration:

• Stay current on evolving security threats and technologies
• Represent our IT security practice internally and externally, including contributions to client alerts and conference talks
• Collaborate with VeraSafe’s Professional Services leadership to ensure tight integration between our IT security and privacy advisory services

Required Qualifications:

• At least six years of hands-on experience in IT security consulting, IT security engineering, or equivalent
• At least one relevant certification (e.g., CISA, CISSP, CISM, CRISC, CCSP, SC-100 Cybersecurity Architect)
• Deep technical expertise in Microsoft Defender XDR, CrowdStrike Falcon, SentinelOne, or other similar technologies
• Proficiency with IT security standards and frameworks (e.g., NIST CSF, ISO/IEC 27001, NIST 800-53, NIST 800-171, CIS Controls)
• Experience performing audit readiness assessments for frameworks and regulations such as HIPAA, ISO (e.g., 2700 series), NIST (e.g., CSF), GLBA, or others
• Technical background in scripting, automation, or security tooling (e.g., PowerShell, Sentinel, Defender for Endpoint)
• Experience developing and conducting tabletop exercises such as Business Continuity and Disaster Recovery scenarios
• Experience conducting enterprise-wide formal risk assessments
• Strong understanding of email security (DKIM, DMARC, SPF)
• Familiarity with security stacks to include SIEM/SOAR, IAM, EDR, CASB, etc.
• Strong understanding of cloud security posture assessments
• Strong understanding of enterprise security principles, zero trust architecture, and IT security risk management
• Experience leading teams and managing consulting engagements
• Willingness to learn new skills and receive direction and feedback from team members
• Willingness to pursue and maintain privacy certifications (e.g., CIPP/E, CIPM, CIPT)

Preferred Qualifications:

• Experience working directly with clients, in a service-oriented environment
• Experience building or growing a consulting practice or service line
• Experience in regulated industries (e.g., healthcare, finance, pharma)
• Familiarity with contract provisions that address data protection and security responsibilities
• Experience migrating or overseeing the migration of systems from on-premises or hybrid to cloud-federated systems
• Experience with development and implementation of incident response plans
• Professional involvement in the privacy and/or data security space (attendance at privacy conferences; membership or publication in the IAPP, ISACA, etc.)
• Privacy certification (or similar)

Key Competencies:

• Detail-oriented and highly organized with a strong work ethic
• Ability to thrive and perform in a fully remote and international environment
• Excellent written and verbal communication skills
• Highly skilled in time management to enable successful work with international teams in meeting deadlines
• Highly capable of independent work to fully deliver on all commitments
• Ability to work productively in a cross-functional, multi-disciplinary consulting team
• Experience building and maintaining relationships with colleagues and clients through polished, professional interactions and products regardless of the client’s experience with VeraSafe’s service line

VeraSafe Values:

In addition to technical knowledge, skills, and competencies for a specific position, VeraSafe seeks team members who are proficient in values critical to our organization. For managers, we are seeking individuals who demonstrate interest in and experience applying:

• Creativity and Innovation
• Feedback
• Mentorship
• People Development
• Business Acumen

VeraSafe’s Excellent Benefits Include:

• Work from almost anywhere with Wi-Fi
• Paid Time Off (PTO)
• Paid holidays
• Annual bonuses
• Membership in the International Association of Privacy Professionals (IAPP) and IAPP exam fee reimbursement (CIPP/E)
• Flexible working schedule in some roles
• Reimbursement for certain personal flight ticket
• Company laptop provided
• Optional IT Hardware Buyback Program

Note:

There is a 1-3 hour skills assessment associated with the recruitment for this position. We know this is a burden, but we think it’s worth it, and we appreciate you taking the time to complete it. We’ve found it enables us to find the best team members, regardless of their experience, where they went to school, or where they were trained. We want smart, kind, creative colleagues, plain and simple, and this assessment is a crucial part of our ability to hire this way.

Our HR Privacy Notice is available at the following link:

https://verasafe.com/legal/human-resources-privacy-policy/