Security and Compliance Lead

Emterra Group

$90K — $120K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years in information security or cybersecurity roles
  • 3+ years of hands-on experience with Microsoft Azure and Microsoft 365 security tools
  • Deep expertise with Microsoft security products like Sentinel and Entra ID
  • Working knowledge of Azure networking and cloud governance
  • Experience with compliance frameworks like SOC 2 or ISO 27001
  • Strong understanding of identity and access management principles
  • Excellent communication skills with the ability to present risk to non-technical audiences

Responsibilities

  • Design and maintain security architecture across cloud and on-premises infrastructure
  • Manage SIEM, Endpoint, Identity, and Cloud App security
  • Lead vulnerability management and incident response activities
  • Configure Conditional Access and Zero Trust network access
  • Oversee Azure Security Center recommendations
  • Develop and maintain information security policies and procedures
  • Conduct risk assessments and manage the organizational risk register

Benefits

  • Hybrid work flexibility
  • Collaborative and mission-driven team environment
  • Opportunity to shape a modern security program
  • Comprehensive health benefits
  • Tuition reimbursement and professional development support
  • Employee Assistance Program paid by the company
  • Impact on environmental solutions as part of a green organization

Full Job Description

Job Summary

Emterra Group is seeking a Security and Compliance Lead to own and advance our cybersecurity posture and regulatory compliance program across our Microsoft 365 and Azure cloud environments. This is a hands-on leadership role responsible for designing, implementing, and maintaining security controls while ensuring alignment with applicable frameworks and standards.

Position Description

Security Operations & Architecture
  • Design and maintain security architecture across Microsoft Azure, Microsoft 365, and on-premises infrastructure
  • Manage and optimize (Endpoint, Identity, Cloud Apps, Office 365), SIEM, and Entra ID (Azure AD)
  • Lead vulnerability management, threat detection, and incident response activities
  • Configure and maintain Conditional Access policies, Zero Trust network access, and Privileged Identity Management (PIM)
  • Oversee Azure Security Center / Defender for Cloud recommendations and remediation


Compliance & Governance
  • Develop and maintain the organization's information security policies, standards, and procedures
  • Lead compliance efforts across applicable frameworks (NIST, PIPEDA, or industry-specific regulations)
  • Manage Microsoft Purview for data classification, DLP policies, information protection labels, and eDiscovery
  • Conduct and coordinate internal audits, risk assessments, and third-party security reviews
  • Maintain compliance posture within the Microsoft 365 Compliance Center and Secure Score benchmarks


Identity & Access Management
  • Administer and mature Entra ID (Azure AD) including RBAC, MFA, SSO, and lifecycle management
  • Manage privileged access through PIM and Just-in-Time (JIT) provisioning
  • Oversee identity governance and access reviews


Risk Management
  • Conduct regular risk assessments and maintain the organizational risk register
  • Develop and test the Business Continuity Plan (BCP) and Disaster Recovery (DR) procedures
  • Evaluate and manage vendor and third-party security risk


Training & Awareness
  • Design and deliver security awareness training programs across the organization
  • Act as internal subject matter expert and advisor on security matters for all departments
  • Report security metrics and compliance status to IT leadership and stakeholders


Skills & Qualifications

Required Qualifications
  • 5+ years of progressive experience in information security or cybersecurity roles
  • 3+ years of hands-on experience with Microsoft Azure and Microsoft 365 security tooling
  • Deep expertise with Microsoft security products: Sentinel, Purview, Entra ID,
  • Working knowledge of Azure networking, Azure Policy, and cloud governance frameworks
  • Experience with at least one compliance framework (SOC 2, ISO 27001, NIST CSF, CIS Controls)
  • Strong understanding of identity and access management principles
  • Excellent written and verbal communication skills; ability to present risk clearly to non-technical stakeholders


Preferred Qualifications
  • Relevant certifications: MS-500 (Microsoft Security Administrator), SC-200 (Microsoft Security Operations Analyst), SC-300 (Identity and Access Administrator), AZ-500 (Azure Security Engineer), CISSP, CISM, or CompTIA Security+
  • Experience in a regulated or multi-site operations environment
  • Familiarity with PIPEDA and Canadian privacy legislation
  • Experience with Microsoft Copilot for Security


What We Offer
  • Competitive salary and benefits package
  • Hybrid work flexibility
  • Collaborative and mission-driven team environment
  • Opportunity to shape and build a modern security program from the ground up


Reasons to Apply, Stay and Grow with Emterra Group
  • Opportunity to be part of one of Canada's Greenest Employers!
  • Competitive wages!
  • Comprehensive health benefits (health, dental, and more depending on what you choose)!
  • Employee Assistance Program, paid for by the company!
  • Tuition reimbursement program and professional development support!
  • Be part of an entrepreneurial organization that wants to continue to learn and grow!
  • Ability to have an impact and make change!


Are you ready to jumpstart your career by joining one of Canada's Greenest Employers and become part of the environmental solution? If so, apply now! We appreciate all applicants who apply; however, only those who are qualified will be contacted.
