The Information Systems Security Manager will be responsible for protecting RideCo's data and IT infrastructure by designing, implementing, maintaining, and enforcing security policies and protocols. Key responsibilities include monitoring systems, performing risk assessments, ensuring regulatory compliance (NIST, SOC2, GDPR, HIPAA), and leading incident response efforts to mitigate threats.
Your day-to-day responsibilities will include:Strategic Security Management: - Developing and enforcing comprehensive security policies and procedures, ensuring they align with business objectives and legal compliance.
- Own and maintain the organizational security roadmap using NIST SP 800-53 and NIST CSF 2.0, ensuring all security controls map directly to business risk and operational resilience.
- Lead the strategy and annual audit for SOC2 type 2 certification and compliance (including all Trust Services Criteria - Security, Availability, Confidentiality, Processing Integrity, Privacy), and RideCo's Privacy Program.
Risk Mitigation & Assessment:- Conducting regular threat assessments, vulnerability scanning, and audits to identify weaknesses and implement countermeasures
- Develop and enforce governance policies for the secure adoption of AI
Security Operations:- Monitoring network traffic, firewalls, endpoints, and data systems for suspicious activity
Procedural Governance:- Conduct reviews and provide feedback on contracts, RFPs, security questionnaires, and ensure existing program components are regularly reviewed and functioning according to their criteria
- Establish and maintain agency-based security and privacy procedures to ensure consistent security hygiene across all departments and platforms.
Incident Response: - Leading efforts to identify, contain, and remediate security breaches or attempts.
Employee Training and Awareness:- Overseeing security awareness programs to train staff on cybersecurity best practices.
- Implement specialized training to protect employees against evolving AI-generated threats, including deepfake audio/video scams and sophisticated phishing.
Technical Oversight:- Overseeing the deployment of security technologies, including encryption tools, antivirus software, and access controls
Vendor Risk Management:- Assessing the security protocols of third-party vendors.
Your Playground / What You'll Learn:At RideCo you'll get a chance to play, learn and build with the following tools and technologies, and as part of a team that is the world's foremost innovator in on-demand transit software.
- Operating Systems: Windows 11, Linux (Debian/Ubuntu), Mac, Android, iOS
- Infrastructure: AWS, Terraform, Redis, PostgreSQL, Celery, RabbitMQ, OpenVPN, Fortinet
- Health/Monitoring: AWS CloudWatch, Prometheus, Grafana, Elasticsearch, Logstash, Kibana, SumoLogic, Nexpose, SentinelOne
- Development Processes: Agile, continuous integration, Jenkins, zero-downtime software updates
Qualifications & Experience:- Education: Bachelor's degree in Cybersecurity, IT or related field
- Experience: 5+ years of related experience
- Certifications: Certified Information Systems Security Professional (CISSP)
- Technical Knowledge: Proficient understanding of network infrastructure, firewalls and compliance frameworks
- Leadership: Experience in coordinating with IT teams
Compensation and Benefits:- Base Salary: $120k - 150k + performance-based bonus + stock options
- Work-Life Balance & Additional Perks: Flex-time work schedules, vacation time, bi-weekly catered lunches, social events, casual dress code
- Benefits Plan: Medical, dental, prescription, life/health spending accounts and more
- Professional Growth: Continuous education, certification maintenance, and attending conferences are important to keeping the role current and relevant
- Work Environment: Located in KW's most desirable work space in the heart of Uptown Waterloo
- Commuter Program: Complimentary rides to and from work in Waterloo Region
Why is this role open? Existing Vacancy
RideCo is committed to a fair and transparent recruitment process. We do not use artificial intelligence (AI) or automated decision-making tools to screen, evaluate, or select candidates. All applications are reviewed and assessed by our hiring team.
