82 System Security jobs in Canada

**The Opportunity:**
WSP is currently seeking a **System Security Specialist** to add to our Rail and Transit team. You will work from a dedicated project site in the Toronto area. The System Security Officer is responsible for providing emergency and security expertise and assurance related to construction projects.
**Why choose WSP?**
+ We value and are committed to upholding a culture of **inclusion** and **belonging**
+ Our **Flexible** Work Policy - we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
+ A **Canadian** success story - we're **proud** to wear the red and white of this beautiful country and show the world what Canada has to offer.
+ **Enhance** the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
+ **Outstanding** career opportunities - we're growing and pushing ourselves every day to be greater than yesterday - we're open to **your** ideas and trying **new** things.
+ A phenomenal **collaborative** culture and a workforce filled with genuinely **good** **people** who are doing humbly important work. Come find out for yourself what it's like to be a part of our journey.
We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.
# **WeAreWSP**
**What you can expect to do here:**
+ Development of security programs and specifications for large scale, multi-department, matrix organizations involved in capital projects delivery
+ Advise on security planning and design issues during the planning and design stages of facilities
+ Support System Security Assurance case development throughout the project lifecycle.
+ Reviews Contractor's Project Security Plans, Safe Work Methods and inspecting construction sites
+ Contribute to site readiness documentation including security risk registers, incident tracking processes, and Security Design Criteria compliance reviews
+ Conduct systematic reviews/inspections to assess security needs with an emphasis on loss prevention/control at construction sites
+ Delivery of training presentations and seminars
+ Determines specifications and makes recommendations on security technology and system security program improvement (e.g. CCTV, access control systems, lighting, fencing, barriers, gates, etc.)
+ Oversee the implementation and commissioning of security systems, including:
+ CCTV, Access Control, Fencing, Gates, Lighting, Barriers, Panic Alarms, and Emergency Power
+ Prepares security survey reports for management, including security risks, deficiencies, considerations that need attention and documenting findings and recommending appropriate loss prevention/control initiatives and equipment
+ Support the Testing & Commissioning teams with assessments of physical readiness, procedural controls, and failover capabilities for secure operations
+ Ensures the system security is compliant with the latest legislated requirements, industry standards, and corporate requirements
**What you'll bring to WSP:**
+ Strong interpersonal skills - poses a calm and composed demeanor, especially in high-pressure or unexpected situations
+ 5+ years' experience in the security field, ideally in military police, police force or in large organization(s) with well-established security departments.
+ Certified Protection Professional Certification (CPPC) is Required
+ General knowledge of safety and Fire/Life Safety legislation and principles, techniques and measures is required.
+ Must be able to analyze and interpret conceptual and finished architectural and engineering drawings.
+ Must have a thorough knowledge of Crime Prevention Through Environmental Design principles.
+ Familiarity with ISO Security standards
+ Thorough understanding of Occupational Health and Safety Act and Construction Regulations with emphasis on creating strong safety culture on-site and accident prevention techniques
**Additional qualifications**
+ Familiarity with emergency planning and response.
+ Awareness of:
+ Methodologies associated with Threat, Risk & Vulnerability Assessments (TRVAs)
+ Visitor and contractor clearance requirements
+ Contract and site specific security plans
+ Site security inspections
+ Modern security systems
+ Capability to establish strong relationships with client group and offer practical solutions.
+ The following safety profession accreditations are an asset:
+ Canadian Registered Safety Professional (CRSP)
+ Physical Security Professional (PSP)
+ Knowledge of government legislation and industry standards, including CSA, ULC, Criminal Codes and the Trespass to Property Act (Ontario) or similar in other jurisdictions.
+ Experience with transit construction projects - (e.g. railway, subway, light rail, buses) is considered an asset.
+ Experience with transit agency (e.g. TTC, Metrolinx) is an asset.
+ Effective interpersonal, oral, and written communication skills.
+ Strong organizational, administrative, analytical, and problem-solving abilities.
**Preferred experience**
+ Familiarity with integration of security and emergency protocols into progressive design-build projects
+ Familiarity with Metrolinx Design Standards and Design Manuals is an asset
+ Ability to manage interface with multiple contractors, operators, and agencies
+ Familiarity with industry codes and provincial regulations (CSA, ULC, OHSA, Trespass to Property Act, etc.)
+ Exposure to design review gates, TPA milestone strategies, or commissioning readiness frameworks is an asset
**WSP** est l'une des plus importantes firmes de services professionnels à travers le monde. Notre mission est d'assurer la pérennité de nos villes et nos environnements.
Notre équipe compte plus de 65 000 membres dans le monde. Au Canada uniquement, nous sommes plus de 12 000 personnes impliquées dans tous les domaines; de l'assainissement de l'environnement à la planification urbaine, de l'ingénierie de bâtiments emblématiques à la réalisation de réseaux de transport durables. Nous trouvons de nouvelles façons d'extraire des ressources essentielles et développons des sources d'énergie renouvelables pour l'avenir.
Chez **WSP** :
+ Nous accordons une grande valeur à nos employés et à notre réputation.
+ Nous œuvrons localement, mais avec une envergure internationale.
+ Nous sommes axés sur l'avenir et remettons en question le statu quo.
+ Nous favorisons la collaboration dans tout ce que nous faisons.
+ Nous soutenons une culture d'autonomie et de responsabilisation.
Veuillez noter:
La santé et la sécurité sont des valeurs absolument essentielles pour WSP. Étant donné l'importance de se garder en sécurité, vous devez vous conformer à notre politique de santé, sécurité et environnement (SSE) en tout temps, ainsi qu'aux politiques SSE du client lorsque cela s'applique.
Les offres d'emploi pour des postes impliquant des travaux sur le terrain et assujettis en matière de sécurité sont conditionnelles à ce que les candidats soient en mesure d'effectuer des tâches physiques clés du travail tel que décrit dans l'offre d'emploi et lors de l'entrevue. Cela peut inclure la capacité de travailler dans une variété de conditions environnementales, telles que les régions éloignées ou isolées, travailler seul, et dans des cas de mauvais temps (dans des limites sûres et raisonnables).
L'usage du genre masculin inclut le féminin et n'a été utilisé que pour alléger le texte
WSP accueille et encourage les personnes à mobilité réduite. Les accommodements sont disponibles sur demande pour les candidats qui participent à tous les aspects du processus de sélection.
WSP souscrit au principe de l'équité en matière d'emploi. Seules les candidatures retenues seront contactées.
WSP n'accepte pas les cv spontanés transmis par des agences. Pour obtenir de plus amples renseignements, veuillez lire VEUILLEZ LIRE L'INTÉGRALITÉ DE LA POLITIQUE (

**The Opportunity:**
WSP is currently seeking a **System Security Specialist** to add to our Rail and Transit team. You will work from a dedicated project site in the Toronto area. The System Security Officer is responsible for providing emergency and security expertise and assurance related to construction projects.
**Why choose WSP?**
+ We value and are committed to upholding a culture of **inclusion** and **belonging**
+ Our **Flexible** Work Policy - we recognize the importance of balance in our lives and encourage you to prioritize the balance in yours. We will support you on and off the job so you can be fully present in both your work and home lives.
+ A **Canadian** success story - we're **proud** to wear the red and white of this beautiful country and show the world what Canada has to offer.
+ **Enhance** the world around you - from the environment to the highways, to the buildings and the terrain, WSP is the fabric of Canada.
+ **Outstanding** career opportunities - we're growing and pushing ourselves every day to be greater than yesterday - we're open to **your** ideas and trying **new** things.
+ A phenomenal **collaborative** culture and a workforce filled with genuinely **good** **people** who are doing humbly important work. Come find out for yourself what it's like to be a part of our journey.
We offer attractive pay, flexible work options, a great corporate culture, comprehensive and employee-focused benefits including virtual healthcare and a wellness platform as well as great savings programs, and a clear vision for the future.
# **WeAreWSP**
**What you can expect to do here:**
+ Development of security programs and specifications for large scale, multi-department, matrix organizations involved in capital projects delivery
+ Advise on security planning and design issues during the planning and design stages of facilities
+ Support System Security Assurance case development throughout the project lifecycle.
+ Reviews Contractor's Project Security Plans, Safe Work Methods and inspecting construction sites
+ Contribute to site readiness documentation including security risk registers, incident tracking processes, and Security Design Criteria compliance reviews
+ Conduct systematic reviews/inspections to assess security needs with an emphasis on loss prevention/control at construction sites
+ Delivery of training presentations and seminars
+ Determines specifications and makes recommendations on security technology and system security program improvement (e.g. CCTV, access control systems, lighting, fencing, barriers, gates, etc.)
+ Oversee the implementation and commissioning of security systems, including:
+ CCTV, Access Control, Fencing, Gates, Lighting, Barriers, Panic Alarms, and Emergency Power
+ Prepares security survey reports for management, including security risks, deficiencies, considerations that need attention and documenting findings and recommending appropriate loss prevention/control initiatives and equipment
+ Support the Testing & Commissioning teams with assessments of physical readiness, procedural controls, and failover capabilities for secure operations
+ Ensures the system security is compliant with the latest legislated requirements, industry standards, and corporate requirements
**What you'll bring to WSP:**
+ Strong interpersonal skills - poses a calm and composed demeanor, especially in high-pressure or unexpected situations
+ 5+ years' experience in the security field, ideally in military police, police force or in large organization(s) with well-established security departments.
+ Certified Protection Professional Certification (CPPC) is Required
+ General knowledge of safety and Fire/Life Safety legislation and principles, techniques and measures is required.
+ Must be able to analyze and interpret conceptual and finished architectural and engineering drawings.
+ Must have a thorough knowledge of Crime Prevention Through Environmental Design principles.
+ Familiarity with ISO Security standards
+ Thorough understanding of Occupational Health and Safety Act and Construction Regulations with emphasis on creating strong safety culture on-site and accident prevention techniques
**Additional qualifications**
+ Familiarity with emergency planning and response.
+ Awareness of:
+ Methodologies associated with Threat, Risk & Vulnerability Assessments (TRVAs)
+ Visitor and contractor clearance requirements
+ Contract and site specific security plans
+ Site security inspections
+ Modern security systems
+ Capability to establish strong relationships with client group and offer practical solutions.
+ The following safety profession accreditations are an asset:
+ Canadian Registered Safety Professional (CRSP)
+ Physical Security Professional (PSP)
+ Knowledge of government legislation and industry standards, including CSA, ULC, Criminal Codes and the Trespass to Property Act (Ontario) or similar in other jurisdictions.
+ Experience with transit construction projects - (e.g. railway, subway, light rail, buses) is considered an asset.
+ Experience with transit agency (e.g. TTC, Metrolinx) is an asset.
+ Effective interpersonal, oral, and written communication skills.
+ Strong organizational, administrative, analytical, and problem-solving abilities.
**Preferred experience**
+ Familiarity with integration of security and emergency protocols into progressive design-build projects
+ Familiarity with Metrolinx Design Standards and Design Manuals is an asset
+ Ability to manage interface with multiple contractors, operators, and agencies
+ Familiarity with industry codes and provincial regulations (CSA, ULC, OHSA, Trespass to Property Act, etc.)
+ Exposure to design review gates, TPA milestone strategies, or commissioning readiness frameworks is an asset
**WSP** est l'une des plus importantes firmes de services professionnels à travers le monde. Notre mission est d'assurer la pérennité de nos villes et nos environnements.
Notre équipe compte plus de 65 000 membres dans le monde. Au Canada uniquement, nous sommes plus de 12 000 personnes impliquées dans tous les domaines; de l'assainissement de l'environnement à la planification urbaine, de l'ingénierie de bâtiments emblématiques à la réalisation de réseaux de transport durables. Nous trouvons de nouvelles façons d'extraire des ressources essentielles et développons des sources d'énergie renouvelables pour l'avenir.
Chez **WSP** :
+ Nous accordons une grande valeur à nos employés et à notre réputation.
+ Nous œuvrons localement, mais avec une envergure internationale.
+ Nous sommes axés sur l'avenir et remettons en question le statu quo.
+ Nous favorisons la collaboration dans tout ce que nous faisons.
+ Nous soutenons une culture d'autonomie et de responsabilisation.
Veuillez noter:
La santé et la sécurité sont des valeurs absolument essentielles pour WSP. Étant donné l'importance de se garder en sécurité, vous devez vous conformer à notre politique de santé, sécurité et environnement (SSE) en tout temps, ainsi qu'aux politiques SSE du client lorsque cela s'applique.
Les offres d'emploi pour des postes impliquant des travaux sur le terrain et assujettis en matière de sécurité sont conditionnelles à ce que les candidats soient en mesure d'effectuer des tâches physiques clés du travail tel que décrit dans l'offre d'emploi et lors de l'entrevue. Cela peut inclure la capacité de travailler dans une variété de conditions environnementales, telles que les régions éloignées ou isolées, travailler seul, et dans des cas de mauvais temps (dans des limites sûres et raisonnables).
L'usage du genre masculin inclut le féminin et n'a été utilisé que pour alléger le texte
WSP accueille et encourage les personnes à mobilité réduite. Les accommodements sont disponibles sur demande pour les candidats qui participent à tous les aspects du processus de sélection.
WSP souscrit au principe de l'équité en matière d'emploi. Seules les candidatures retenues seront contactées.
WSP n'accepte pas les cv spontanés transmis par des agences. Pour obtenir de plus amples renseignements, veuillez lire VEUILLEZ LIRE L'INTÉGRALITÉ DE LA POLITIQUE (

Job Description
We are seeking a skilled and proactive Security Engineer to join our growing Information Security team. This role is ideal for someone passionate about securing modern cloud environments and driving DevSecOps practices. You will be responsible for deploying and maintaining security technologies, ensuring solution availability, and aligning configurations with architectural and industry standards.
Responsibilities
 - Deploy and configure new security technologies across cloud and on-premise environments.
 - Manage upgrades, patches, and lifecycle maintenance for security tools and platforms.
 - Ensure high availability and performance of security solutions, including coordination with SaaS vendors.
 - Align security configurations with enterprise architecture and industry standards (e.g., NIST, CIS, ISO 27001).
 - Operationalize security gating and compliance checks within CI/CD pipelines to support DevSecOps.
 - Collaborate with engineering and application teams to enforce security controls across AWS, Azure, and hybrid environments.
 - Conduct security assessments and provide remediation guidance for vulnerabilities and misconfigurations.
 - Maintain documentation for security configurations, operational procedures, and incident response protocols.
Support incident response efforts with technical expertise and forensic analysis.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: and Requirements
- 5+ years of experience in security engineering, with a focus on cloud and DevSecOps environments
 - Strong knowledge of cloud platforms (AWS, Azure) and container security (e.g., Kubernetes, Docker)
 - Experience with security tools such as SIEM, EDR, vulnerability scanners, and cloud-native security services.
Familiarity with scripting and automation (e.g., Python, PowerShell, Terraform). Excellent communication and collaboration skills.
- Solution oriented, forward thinking - you will be joining a team that is growing and looking to you for best practices
- The successful candidate will be interested in building their cloud journey and DevsecOps journey from the beginning stages

Job Description

Job Description

Salary: $130,000 - $60,000 CAD

The Role

Were looking for a senior Security Developer (aka Security Engineer) to join our Platform team and help safeguard the integrity of our applications, infrastructure, and data. This role is central to designing and implementing technical solutions that proactively prevent, detect, and respond to security threats. The ideal candidate brings a strong technical foundation, a collaborative mindset, and a passion for making security an enabler of great software. Youll work closely with developers to identify risks, promote best practices, and implement secure solutions. Were looking for someone who believes in building strong, repeatable processesleveraging cloud-native security tools, partnering with external experts, and helping teams build secure systems by design.

Primary responsibilities:

• Lead the evaluation and mitigation of emerging security threats and news
• Proactively identify security weaknesses in our systems and seek improvements
• Promote security best practices
  

Additional responsibilities:

• Recommend effective strategies and provide guidance to developers on secure solutions
• Collaborate with developers to review designs and implementations for potential security issues
• When appropriate, implement solutions aligned with recommended strategies
• Write infrastructure-as-code (Terraform), with a focus on security-related solutions
• Configure and manage cloud security tools, including Datadogs security suite
• Oversee vulnerability scanning and assessment, including Dependabot and Amazon ECR
• Organize and evaluate penetration tests, including managing external assessments
• Lead or actively participate in security exercises and audits
• Support responses to compliance and security questionnaires
• Meet with vendors and partners on security-related matters
• Provide input on internal security guidance related to staff practices and device configuration

What we expect from you:

• 5+ years of professional experience in a security engineering, DevSecOps, or infrastructure security role
• Bachelors degree in Software Engineering, Computer Science or related field, or equivalent practical experience
• Proficiency in at least one programming language
• Experience in utilizing a variety of tools for vulnerability and penetration testing
• Experience writing clear, actionable security reports tailored for engineering, leadership and compliance teams
• Hands-on experience with secure software development lifecycle practices, including threat modeling, static/dynamic code analysis, and security-focused code reviews
• Demonstrated ability to build relationships across engineering teams, encouraging secure development practices through education, support, and partnership

Additional experience that would be beneficial:

• Experience provisioning and configuring AWS infrastructure using Terraform
• Experience integrating security checks into CI/CD pipelines using GitHub Actions
• Experience leading tabletop exercises to simulate incident response scenarios
• Experience working in regulated industries, such as finance or healthcare
• Familiarity with compliance frameworks such as SOC 2

About Lendesk

Were a financial technology company on a mission to make the mortgage experience easy, accessible, and transparent. Our flagship product is an advanced digital mortgage origination platform that connects borrowers, brokers, and lenders. Were a fast-growing team of 50+ employees, composed of innovative and engaged individuals working collaboratively to deliver a unique digital home buying experience.

What We Offer

In addition to the exciting work, great people and a fun and supportive culture, we offer an extensive benefits and perks package:

• Competitive salaries
• Comprehensive benefit plan including dental, medical and vision
• Remote first, work from where you are in Canada
• Budget to improve your home office set-up
• Flexible work hours
• The latest in hardware and software tools
• Budget for continuous development and training
• Stock purchase program in our parent company (NYSE:RKT)

You must be a current Canadian resident to be considered for this role. A candidate selected for this position must pass a criminal background check.

Lendesk is committed to offering competitive salaries to all our team members. This role has a salary range of 130,000 - 160,000 CAD which accounts for the skills youll bring to the team, the impact youll have on the business, and the growth youll experience in the role. Throughout your time at Lendesk well continue to have conversations about your career development and youll have the opportunity to build an amazing career with us.

Job Description

Job Description

Responsibilities:

• Conduct thorough investigations and offer guidance on the most current security-related risks, threats, and vulnerabilities. This will involve managing security incidents, overseeing external security reviews, and performing penetration tests to ensure the robustness of our infrastructure's security posture.
• Collaborate on the development of Information Security policies, standards, and baselines. Your input will contribute to assessing compliance efforts.
• Monitor, evaluate, and execute network penetration tests, vulnerability assessment scans, and risk evaluation reviews.
• Define and present key security metrics to influence trends in remediation strategies.
• Communicate findings and provide recommendations to stakeholders during remediation processes as necessary.
• Work closely with IT Operations, architecture, and project teams to design and implement security controls based on policies, standards, and industry best practices.
• Coordinate vulnerability assessments, review assessment results, guide patching, and lead or offer advice on remediation activities related to various IT infrastructure technologies such as BU OS, Middleware, Unix/Linux Servers, Storage, Databases, Appliances, Web Applications, Network Devices, malware tools, IDS/IPS, encryption, etc.
• Contribute to consistent governance reporting by providing results and metrics. You will also collaborate on and organize remediation plans and efforts.
• Engage in research to develop testing tools, techniques, and process enhancements.
• Effectively explain, demonstrate, and document the operational implications of specific security vulnerabilities or loopholes.
• Analyze vulnerability findings and suggest corrective actions and security strengthening measures.
• Manage and configure NGFW, WAF, and NSG.
• Implement Data Loss Prevention (DLP) solutions to enhance data security.
• Provide mentorship, guidance, and knowledge-sharing within the team.
• As needed, offer recommendations, explanations, and guidance on your area of expertise to other teams in the organization.
• Comprehend the Scope of Work for each engagement.
• Proactively recognize security risks and define security requirements and controls to mitigate these risks.
• Carry out your duties in a secure, organized, and professional manner.

Requirements:

• You hold a Bachelor's Degree in Science, Engineering, or an equivalent field.
• You possess certifications such as CISSP, GSEC, or other relevant credentials.
• You have over 5 years of progressive experience in IT security.
• Your track record demonstrates expertise in formulating, maintaining, and enforcing security best practices.
• You are proficient in industry-recognized tools, encompassing Middleware, Servers (Linux/Windows), Storage, Databases, Appliances, Web Applications, Network Security Devices, as well as technologies like Cisco ACI, Nutanix, Azure Cloud Platform, CyberArk, Intune, Microsoft Endpoint Management, SDWAN, Palo Alto, Fortinet, Cisco ASA, and Juniper firewalls.
• Your extensive knowledge covers the current cybersecurity landscape, with a focus on networks and server/system management. You possess a strong background in Cloud Security (Azure, OCI, Nutanix) and a deep understanding of Zero Trust and SASE security models.
• You possess a strong grasp of Authentication, End Point Security, Internet Policy Enforcement, Web Content Filtering, Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) solutions, VMs, as well as common networking services and protocols (TCP/IP, SSH, FTP, DNS, DHCP, SMTP, SSL, etc.).
• Your familiarity extends to Information Security best practices, policies, standards, and baselines, including industry guidelines from ISO 27001/27002, NIST, CIS, and OWASP.
• You have notable experience in database security.
• System hardening for Networking Devices, Windows, and Linux is within your realm of expertise.
• You're a resourceful problem solver who thrives in collaborative settings.
• You exhibit the ability to systematically analyze intricate technical issues, identify solutions, and effectively communicate them to non-technical audiences.
• Your communication skills, both written and verbal, are strong, enabling you to generate concise reports, summaries, and formal presentations.
• You can adeptly explain, demonstrate (when applicable), and document the operational consequences of specific security vulnerabilities or loopholes.
• You're self-motivated and capable of working independently.
• You're a dedicated team player.

**We are Generac, a leading energy technology company committed to powering a smarter world.**
Over the 60 plus years of Generac's history, we've been dedicated to energy innovation. From creating the home standby generator market category, to our current evolution into an energy technology solutions company, we continue to push new boundaries.
The ISMS Lead coordinates and maintains the daily operations of the Information Security Management System (ISMS) Program, ensuring compliance with ISO27001 and alignment with Generac's broader cybersecurity and compliance frameworks. The ISMS lead is the central point of contact for cross-functional control owners, capability teams, and audit stakeholders-supporting evidence collection, risk and control tracking, and the orchestration of ISMS-related deliverables across both internal ISMS assessments and external ISO27001 audits.
The ISMS Lead drives operational excellence through governance coordination, audit readiness, and performance monitoring. This includes facilitating working groups, tracking the Statement of Applicability (SoA), risk register updates, and corrective action plans. The role supports both corporate and subsidiary teams in implementing and sustaining ISMS requirements, helping to foster a culture of compliance and continuous improvement across the organization.
**Major Responsibilities**
+ Coordinates the day-to-day operations of the Information Security Management System (ISMS), ensuring alignment with ISO27001 and Generac's unified governance and compliance frameworks
+ Maintains the GRC platform, supporting timely delivery of compliance activities across policy owners, control implementers, and evidence contributors
+ Facilitates internal ISMS assessments, committee meetings, and working group sessions by preparing agendas, tracking action items, and reporting compliance progress
+ Supports capability teams, subsidiaries, and control owners by clarifying implementation expectations, audit documentation needs, and evidence quality standards
+ Tracks and manages the lifecycle of risks, controls, and corrective actions, including updates to the risk register and the Statement of Applicability (SoA)
+ Coordinate ISMS readiness efforts in preparation for external ISO27001 audits or other applicable certification assessments
+ Develops and refines ISMS-related documentation, including procedures, guidelines, control narratives, and support materials
+ Maintains dashboards and performance metrics related to audit readiness, non-conformity closure, and risk treatment activities
+ Identifies bottlenecks, overdue tasks, and control misalignments, escalating as needed to the IT GRC Capability Manager or Director of InfoSec
+ Ensures consistent version control, evidence traceability, and document quality across all submissions in support of audits or assessments
+ Collaborates with Capability Teams and subsidiaries to ensure control implementation aligns with policy and framework expectations
+ Monitors developments in ISO27001:2022, privacy regulations, and industry best practices to continuously improve the ISMS model and processes
+ Supports onboarding and enablement of new ISMS participants, including training on stakeholder roles, tool usage, and evidence responsibilities
+ Coordinates internal evidence gathering for ISMS assessments and external audits, including document requests, stakeholder interviews, and audit walkthrough preparation
**Minimum Job Requirements**
**Education**
+ Bachelor's Degree with Information Technology focus, or equivalent experience
**Work Experience**
+ 5 years experience in Information Security Management Systems or Cyber Security.
+ Proven experience supporting or coordinating ISO27001 compliance or certification efforts.
+ Experience working within a multi-framework compliance program (e.g., ISO27001, NIST, SOC 2, PCI, GDPR).
+ Understanding of risk assessment methodologies, control mapping, and evidence management practices.
+ Experience with GRC platforms, able to apply prior learnings to new GRC tools.
+ Experience with cross functional coordination, providing guidance to teams across IT and business functions
**Knowledge / Skills / Abilities**
+ Familiarity with cloud service models and control responsibilities in SaaS/PaaS/IaaS environments
+ Strong coordination, documentation, and communication skills for multi-stakeholder collaboration
+ Familiarity with unified control framework initiatives or crosswalks across security and privacy standards
+ Understanding of how compliance maps to internal business processes and capability team structures
+ Ability to coordinate evidence requests, policy updates, and SoA changes in a dynamic environment
+ Experience maintaining compliance metrics, dashboards, or remediation tracking reports
+ Knowledge of key control areas such as access control, data protection, vulnerability management, and incident response
**Preferred Job Requirements**
**Certification / License**
+ Certifications preferred: ISO27001 Lead Implementer or Auditor, CISA, CISSP, CISM, or SCF Certified Practitioner
**Great Reasons to work for Generac**
+ Competitive Benefits: Health, Dental, Vision, 401k and many more
+ Pride! When a storm strikes, Generac employees always rise to the occasion. Each time a storm hits, many employees volunteer their time with the customer support team or on the production line, while others go right into storm-affected areas to repair generators
+ Make a positive impact. Generac has always been community-minded and dedicated to giving back. The company proudly offers a Volunteer Time Off program, inviting team members to participate in charitable volunteer opportunities on company time.
+ We're an inclusive company that celebrates differences and keeps equity and respect at the forefront.
**Compensation:** Generac is committed to fair and equitable compensation practices. The salary range for this role when based in Colorado or California is $120,000 to $150,000. This compensation will ultimately be in line with the location in which the position is filled. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and geographic location.
**Physical Demands** : While performing the duties of this job, the employee is regularly required to talk and hear; and use hands to manipulate objects or controls. The employee is regularly required to stand and walk. On occasion the incumbent may be required to stoop, bend or reach above the shoulders. The employee must occasionally lift up to 25 - 50 pounds. Specific conditions of this job are typical of frequent and continuous computer-based work requiring periods of sitting, close vision and ability to adjust focus. Occasional travel.
_"We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any other characteristic protected by law."_
Over the 60 plus years of Generac's history, we've been dedicated to energy innovation. From creating the home standby generator market category, to our current evolution into an energy technology solutions company, we continue to push new boundaries.
As one of the leaders and largest suppliers of power generation equipment and technology, the work we do touches millions of lives. Employees at Generac are encouraged to be innovative and are valued as an integral part of our global team. Our challenging goals develop knowledgeable employees dedicated to helping continue Generac's success. Generac provides individuals the opportunity to work in a fast-paced agile work environment where their work makes a difference in people's lives and their own.

**About GitHub**
As the global home for all developers, GitHub is the complete AI-powered developer platform to build, scale, and deliver secure software. Over 150+ million developers, including more than 90% of the Fortune 100 companies, use GitHub to collaborate and experiment across 420+ million repositories. With all the collaborative features of GitHub, it has never been easier for individuals and teams to write faster, better code.
**Locations**
In this role you can work from Remote, Canada | Remote, Ontario Canada| Remote, British Columbia Canada | Remote, Alberta Canada
**Overview**
GitHub is changing the way the world builds software and we want you to help secure GitHub. We're looking for a Sr. Security Engineer to help accelerate that journey as we innovate and modernize core security processes.
A global, remote-first team, Secure Access Engineering - Perimeter & Secrets enables and supports secrets management, secrets governance, and access to internal infrastructure across GitHub. In this position, you will be responsible for modernizing, maintaining, and operating the security infrastructure and processes while identifying areas for improvement internally and through partnerships with our Security and Engineering teams.
**Responsibilities**
+ Leads discussions for the technical solutions of products/features within Secure Access Engineering's area of responsibility and creates proposals for architecture by testing design hypotheses and helping to refine code plans.
+ Collaborates with other cross-organizational teams in the development of wide-spanning technical solutions.
+ Independently creates a clear and articulated plan for testing and assuring quality of solutions, and defines success metrics for quality.
+ Leads by example within the team by producing extensible and maintainable code that is integrated with downstream dependencies.
+ Mentors others in the immediate team to troubleshoot code and build product/service/feature expertise.
+ Maintains operations of live service as issues arise on a rotational, on-call basis.
+ Acts as a First Responder for their area of ownership and guides other engineers by developing and following playbooks, working on call to monitor system/product/service for degradation, downtime, or interruptions.
+ Drives efforts to collect, classify, and analyze data on a range of metrics which drives the refinement of products through data analytics, and makes informed decisions in engineering products through data integration.
+ Leads the development of automation within production and deployment of complex product features.
+ Improves development quality, development velocity, and team performance through modeling contributions to improvement of developer tooling. Builds, enhances, reuses, contributes to, and identifies new software developer tools to support other programs and applications to create, debug, and maintain code for products.
**Qualifications**
**Required/Minimum Qualifications**
+ 6+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
+ OR Associate's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 5+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
+ OR Bachelor's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 4+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
+ OR Master's Degree in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field AND 2+ years experience in Software Engineering, Computer Science, or related technical discipline with proven experience maintaining and delivering production software coding in languages including, but not limited to, C, C++, C#, Java, JavaScript, Go, Ruby, Rust, or Python
+ OR Doctorate in Computer Science, Electrical Engineering, Electronics Engineering, Math, Physics, Computer Engineering, Computer Science, or related field
+ OR equivalent experience.
**Preferred Qualifications**
+ Experience building highly available and secure systems at scale.
+ Experience with Kubernetes and Docker.
+ Experience with configuration/orchestration management software such as Puppet, Chef, or Ansible.
+ Experience with secrets management tools, such as HashiCorp Vault.
+ Experience with infrastructure services such as LDAP, SSH, VPN, HTTP proxies.
+ Experience with service mesh implementations, such as Tailscale.
+ Experience with Amazon Web Services, Microsoft Azure, or a similar cloud provider.
**GitHub values**
+ Customer-obsessed
+ Ship to learn
+ Growth mindset
+ Own the outcome
+ Better together
+ Diverse and inclusive
**Manager fundamentals**
+ Model
+ Coach
+ Care
**Leadership principles**
+ Create clarity
+ Generate energy
+ Deliver success
**Who We Are**
GitHub is the world's leading AI-powered developer platform with 150 million developers and counting. We're also home to the biggest open-source community on earth (and 99% of the world's software has open-source code in its DNA). Many of the apps and programs you use every day are built on GitHub.
Our teams are dreamers, doers, and pioneers, leading the way in AI, driving humanitarian efforts around the globe, and even sending open source to Mars (and beyond!).
At GitHub, our goal is to create the space you need to do your best work. We're remote-first and offer competitive pay, generous learning and growth opportunities, and excellent benefits to support you, wherever you are-because we know that people flourish when they can work on their own terms.
Join us, and let's change the world, together.
**Equal Employment Opportunity**
GitHub is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people of all walks of life. We don't discriminate against employees or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!