The Internal Security Lead works closely with Cybera's Security team to define, implement, and maintain our internal security program. In this role, you will take direct responsibility for governance, risk management, compliance, identity and access management, internal incident response, security standards, and security awareness initiatives.
Reporting to the Director of Cybersecurity Operations, you will serve as Cybera's primary internal security subject matter expert. You will work collaboratively across all departments to ensure our security controls align with business objectives, operational requirements, and organizational risk tolerance. Ultimately, you will play a key role in strengthening Cybera's security posture, ensuring the organization actively demonstrates credible and effective security practices to its members, partners, and stakeholders.
What You'll Do
Governance, Risk & Compliance
- Develop and maintain security policies, standards, procedures, and control frameworks.
- Establish and maintain Cybera's organizational risk register and associated risk treatment plans.
- Develop, present, and maintain risk dashboards, metrics, heatmaps, and executive posture reporting to support informed decision-making.
- Align internal security practices with recognized frameworks such as NIST Cybersecurity Framework (CSF), CIS Controls, and ISO 27001.
- Coordinate and support audits, assessments, due diligence reviews, Privacy Impact Assessments (PIAs), HECVATs, and other security assurance activities.
- Coordinate periodic security control validation and testing activities to ensure controls remain effective.
- Conduct vendor and third-party security assessments and reviews.
- Chair or coordinate Cybera's internal security governance activities, including periodic risk reviews.
- Serve as a trusted advisor to leadership and operational teams, balancing security requirements with business and operational objectives.
Internal Security Operations
- Lead internal security incident response activities and coordinate cross-functional response efforts.
- Develop and maintain incident response procedures, playbooks, and escalation processes.
- Lead tabletop exercises, incident simulations, and post-incident reviews to improve organizational preparedness.
- Maintain visibility into Cybera's internal and cloud-based assets and oversee attack surface management practices.
- Coordinate vulnerability management activities and remediation tracking.
- Establish vulnerability remediation priorities, monitor patch compliance, and manage exception processes.
- Work closely with the rSOC to ensure appropriate visibility, monitoring, and detection coverage across Cybera's internal environment.
Identity & Access Management
- Define and maintain joiner, mover, and leaver processes.
- Establish and enforce access control standards based on least privilege and role-based access principles.
- Oversee privileged access management practices.
- Ensure strong authentication controls, including multi-factor authentication (MFA) and conditional access, are implemented and maintained.
- Conduct periodic access reviews and privilege audits.
Security Architecture & Standards
- Define baseline security standards for endpoints, cloud environments, infrastructure, and core business systems.
- Review projects, architectures, and technology implementations to ensure alignment with security requirements.
- Partner with the Technical Operations team to implement and maintain security controls.
- Define logging, monitoring, and telemetry requirements for internal systems.
- Provide security guidance and recommendations for new technologies, services, and business initiatives.
Security Awareness & Culture
- Communicate security risks, priorities, and recommendations to leadership in a clear and actionable manner.
- Develop and maintain an organizational security awareness and education program.
- Provide guidance and training to staff on security best practices and emerging risks.
- Promote a culture of security awareness and shared responsibility across the organization.
What You Bring
- Post-secondary education with training in cybersecurity, information security, computer science, information technology, or a related field.
- Minimum five (5) years of experience in cybersecurity, including experience in governance, risk management, compliance, incident response, security operations, or security architecture.
- Strong knowledge of IT governance, risk management, and controls testing.
- Hands-on experience coordinating or leading incident responses.
- Critical thinking and problem-solving skills.
- Excellent documentation, communication, and organization skills.
- Ability to prepare and present reports and dashboards for diverse audiences.
- Familiarity with Mac computers and G Suite (Docs, Sheets, Slides, etc.) is an asset.
- Experience facilitating tabletop exercises, risk workshops, or security assessments is considered an asset.
- Experience working in a non-profit or not-for-profit environment is an asset.
Certifications (Preferred)
- CISSP, CISM, CRISC, Security+, GSEC, or equivalent are considered an asset.
Compensation and Location:
This position is based in our Calgary office. Salary will be commensurate with experience. No relocation costs will be awarded.
Benefits of working at Cybera:
This is your opportunity to work for a flexible, tech-forward not-for-profit that is helping Canada become a more equitable place to work, learn, and play! We offer:
- A hybrid working environment, with flexible hours.
- Highly supportive and inclusive work culture.
- 35-hour work weeks, except in July and August, when we work 32-hour work weeks and have every Friday off.
Benefits:
- Health & Vision benefits from day 1
- Long- and short-term disability benefits from day 1
- Flexible Health Spending Account (after successful probation)
- Annual professional development funds
- Regular Lunch & Learns covering topics ranging from department updates to EDI
- RRSP program (after successful probation)
- Healthy snacks in the office - and sometimes unhealthy snacks
- 10 days per year to use for sick time or mental health breaks
- The opportunity to invest in yourself and your career
How to Apply:
This posting will remain open until a suitable candidate is found. Your application should include a resume and a short response (in your own words) to the three application questions listed below. Your answers should demonstrate how your skillset matches the position requirements (of course we don't expect you to have them all!). While we appreciate all applications, only candidates selected for an interview will be contacted. No phone calls or recruiter assistance at this time, please.
Number of hires for this role: 1