Home » Senior Information Security Officer
Today

Senior Information Security Officer

SOCAN – Society of Composers, Authors and Music Publishers of Canada
Flag ca Toronto, ON

You must sign in to apply for this position. Sign In

Job Description

We’re Hiring!

Senior Information Security Officer

Toronto, ON

www.socan.com

POSITION TYPE: Permanent Full-Time

HIRING RANGE: $101,360 to $121,360

REASON FOR HIRING: New Role

WORK MODEL: Remote

LANGUAGE: English, French is an asset

WHO WE ARE

SOCAN is a not-for-profit copyright collective dedicated to ensuring music creators and publishers receive what they have rightfully earned for the use of their work. SOCAN supports and represents nearly 200,000 songwriters, composers, and music publishers. Through licensing, global royalty collection and advocacy, we help creators to keep making the music that entertains, moves, and inspires us.

OUR COMMITMENT TO DIVERSITY, EQUITY, INCLUSION, AND ANTI-RACISM

SOCAN thrives with a variety of viewpoints, identities, and backgrounds, and we are committed to anti-racism. Everyone is welcome to apply for our wide range of roles, regardless of gender identity, gender expression, ethnicity, race, age, culture, sexual orientation, religious belief, or physical ability. Learn more about SOCAN’s commitment to Inclusion & Anti-Racism.

WHY WORK WITH US?

  • Make a difference by supporting and collaborating with a vibrant and creative community
  • Enjoy many options for workplace flexibility and work-life balance
  • Get involved in the rapidly changing creative space
  • Advocate for and empower the creative community
  • Together, we’ll help music creators earn more income and make a living

WHAT WE OFFER

  • 35-hour workweek schedule (possible flexible work options i.e., 4-day work week (position based)
  • Twelve paid sick days annually (including five personal days)
  • Access to SOCAN fitness facility
  • Annual Performance Incentive bonus (dependent on a personal and company performance)
  • Defined contribution Pension Plan
  • Comprehensive, health and dental benefits program
  • Inclusive and collaborative working environment

ABOUT THE ROLE

The Senior Information Security Officer (SISO) helps protect the organization’s people, data, and technology by building and operating a pragmatic security program across governance, risk management, and security operations. Working on a small team with wide-ranging responsibilities, the ISO partners closely with IT and business stakeholders to reduce risk through policy and standards, security monitoring and detection engineering, threat hunting, incident handling, and continuous improvement of security controls, automation, and resilience across a hybrid environment consisting of Microsoft Azure and on-prem infrastructure hosted on VMware ESX/NSX.

WHAT YOU’LL DO / KEY RESPONSIBILITIES

  • Security Governance: develop, maintain, and socialize security policies, standards, procedures, and security architecture guardrails aligned to business objectives
  • Risk Management: lead and/or support security risk assessments, control reviews, threat modeling, risk treatment plans, and executive-ready reporting
  • Security Operations: design and continuously improve security monitoring, alerting, and response processes across Microsoft Azure cloud and on-prem infrastructure (VMware ESX/NSX), as well as endpoint, identity, network, and SaaS environments
  • Detection Engineering: build and tune SIEM detections and analytics (queries, correlation rules, use cases), reduce false positives, and measure detection coverage (e.g., mapped to MITRE ATT&CK)
  • Threat Hunting: conduct proactive hunts using logs/telemetry, develop hypotheses, document findings, and translate learnings into new detections and control improvements
  • Incident Handling: triage and investigate security alerts; lead incident response from containment through eradication and recovery; run post-incident reviews and drive corrective actions
  • SIEM & Automation: operate and optimize SIEM/SOAR integrations, log onboarding, parsing/normalization, playbooks, and automations to improve MTTR and analyst efficiency
  • Vulnerability Management: manage scanning and remediation workflows, prioritize findings based on risk, track SLAs, and validate fixes
  • Security Assessments & Testing: perform technical security assessments, configuration reviews, and support or execute penetration testing; coordinate remediation with owners
  • Application Security: partner with developers or vendors on secure SDLC practices and standards (OWASP ASVS and OWASP Top 10), including code review support, dependency scanning, secrets management, CI/CD security, and developer enablement
  • Third-Party & SaaS Security: assess vendors and integrations, review security controls, and monitor ongoing risk
  • Security Awareness: contribute to security training, guidance, and internal communications to strengthen the security culture
  • Documentation & Metrics: maintain runbooks and playbooks; define KPIs/KRIs (e.g., coverage, response times, patch SLAs) and report progress

WHAT YOU WILL BRING / QUALIFICATIONS & EXPERIENCE

  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience)
  • 5+ years of progressive experience across multiple information security domains (governance/risk and hands-on security operations)
  • Hands-on experience with SIEM platforms (Microsoft Sentinel) including log onboarding, detection development, tuning, and dashboarding
  • Demonstrated detection engineering and investigation skills: KQL proficiency, alert triage, and evidence-based incident response
  • Experience performing threat hunting and translating hunts into detection use cases and playbooks
  • Incident response experience including scoping, containment, eradication, recovery, and post-incident retrospectives
  • Strong understanding of core security controls across identity (SSO/MFA), endpoint security, networking, logging/telemetry, and hybrid security concepts spanning Microsoft Azure and on-prem infrastructure (VMware ESX/NSX) (e.g., Entra ID/Azure AD, Azure networking, key management, cloud posture management, and segmentation/micro-segmentation)
  • Vulnerability management experience: scanning (infrastructure and apps), prioritization, remediation tracking, and verification
  • Experience with security assessments and/or penetration testing methodologies and reporting
  • Application security experience: secure SDLC, OWASP Top 10, API security, dependency and secrets scanning, and partnering with developers
  • Automation/scripting ability (e.g., Python, PowerShell, Bash) and experience integrating security tools via APIs/webhooks; SOAR/playbook experience preferred
  • Knowledge of security frameworks and standards (e.g., NIST CSF/800-53, ISO 27001, CIS Controls) and practical risk management
  • Relevant certifications are an asset (e.g., CISSP, CISM, GIAC, GCIH, GCIA, GCED, OSCP, AZ-500, SC-200/SC-100)
  • Excellent written and verbal communication skills; able to explain risk and technical findings to both technical and non-technical audiences.

ACCESSIBILITY & ACCOMMODATION

SOCAN is committed to providing an inclusive workplace environment that meets the accessibility needs of employees with disabilities. Should you require accommodations please contact us directly at [email protected] and we will make the necessary accommodations. Applications submitted to this email address will not be accepted.

EQUAL EMPLOYMENT OPPORTUNITY

SOCAN is an Equal Opportunity Employer. Hiring and other employment decisions at SOCAN are made without regard to race, colour, religion, sex, ancestry, national origin, ethnic origin, age, disability, citizenship, veteran status, sexual orientation, record of offences, marital status, family status, or any other characteristic protected by federal, provincial, or local law, regulation, or ordinance.

If you don’t see yourself fully reflected in every job requirement listed on the posting above, we still encourage you to reach out and apply. Research has shown underrepresented groups often only apply when they feel 100% qualified. We are committed to creating a more equitable, inclusive, and diverse company and we strongly encourage applicants of all genders, ages, ethnicities, cultures, abilities, sexual orientations, and life experiences to apply

HOW TO APPLY

If you’re interested in joining us, we’d love to hear from you: http://www.socan.com/careers/

Thank you for your interest in our company; we will be in touch with those candidates we wish to interview.

To learn more about SOCAN, go to www.socan.com. You can also follow us on LinkedIn, Twitter, Instagram, and Facebook (@SOCANmusic/@SOCANmusique).

You must sign in to apply for this position. Sign In

Recent Job Listings

Security Guard – Government Sites
Securitas – Toronto
Flag ca Toronto, ON
Today
View Job
Uniformed Asset Protection Personnel
Loblaw Companies Limited
Flag ca Toronto, ON
Today
View Job
Experienced Undercover Loss Prevention Investigator (Central GTA Region)
Loss Prevention Services Limited – Toronto
Flag ca Toronto, ON
Today
View Job
Retail Security Guard
Loss Prevention Services Limited – Toronto
Flag ca Toronto, ON
Today
View Job
OVERNIGHT Concierge / Security- Toronto (MUST HAVE CONDO CONCIERGE EXP)
Magnum Protective Services
Flag ca Toronto, ON
Today
View Job
Is this Your Job Listing? Unlock the Benefits of Claiming Your Profile.

Enhance your company's online presence and reach top-notch security guard candidates by claiming your job listings.

Claim Your Profile

Upgrade Your Security Resume

No more guessing what to put on your resume. With SGO’s resume builder, simply input your information. Our tool makes job applications seamless.

Build your Resume Sign Up