Canso Investment Counsel Ltd. Careers
Cloud Security & Risk Engineer
Description
About Canso Investment Counsel: Canso Investment Counsel Ltd. is a leading independent investment management firm providing portfolio management services to Canadian institutional clients. Founded in 1997, Canso is dedicated to delivering superior long-term investment results through a disciplined and research-driven approach. Our team of experienced investment professionals is committed to maintaining the highest standards of compliance and ethical conduct in all aspects of our operations. We have a happy, family-friendly, and flexible work environment. We value honesty and integrity, and our clients come first.
Position Summary:
We are seeking a Cloud Security & Risk Engineer to act as a hands‑on individual contributor responsible for the design, implementation, and day‑to‑day operation of security controls across our cloud platforms, applications, and enterprise data environments.
This role is security‑led by design. You will work closely with engineering, data, and IT teams to ensure that security is embedded throughout the software development lifecycle and cloud infrastructure, while aligning with the risk, compliance, and resilience expectations of an institutional financial services firm. This role aligns with all five functions of the NIST Cybersecurity Framework, contributing to risk identification, preventative control design, continuous detection, effective incident response, and ongoing security resilience improvement in a regulated financial services environment.
You will not manage people, but you will own technical security outcomes, exercise independent judgment, and be expected to challenge designs, raise risks, and drive practical remediation.
Cloud & Data Security:
- Design, implement, and maintain cloud security controls across AWS and Azure environments
- Embed security controls into CI/CD pipelines, ensuring secure build, test, and deployment practices
- Review application and infrastructure code to identify security vulnerabilities and recommend remediation
- Implement and enforce secure configuration standards using infrastructure‑as‑code (Terraform)
- Manage encryption, key management, and secrets handling across cloud and data platforms
Data & Platform Security
- Design and enforce security controls for enterprise data platforms, including Snowflake
- Ensure strong encryption practices for data at rest and in transit
- Partner with data and engineering teams to protect sensitive financial and client data across its lifecycle
Monitoring, Detection & Response
- Operate and tune cloud‑native security and detection tools (e.g., Defender, Orca, Elastic)
- Investigate security alerts, assess impact, and support containment and remediation activities
- Contribute to incident response, root‑cause analysis, and post‑incident improvements
- Continuously improve detection coverage and signal quality
Risk, Governance & Stakeholder Collaboration
- Partner with internal stakeholders and external security vendors to identify control gaps and risks
- Provide clear, actionable security input on key initiatives and projects
- Apply sound risk judgment to balance security controls with business requirements
- Communicate security findings and recommendations clearly to technical and non‑technical audiences
- Maintain and contribute to security policies, standards, and technical control documentation to ensure alignment with cloud architectures, regulatory expectations, and evolving threat models
Qualifications & Experience
Education:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or a related field (or equivalent experience).
Experience:
- Minimum 7+ years in DevOps, security engineering, or related roles.
- Proven track record of leading security-focused projects, such as MFA rollouts, VPN deployments, or policy implementations.
- Proven experience in a DevOps, cybersecurity, or related role, with a strong background in application security
Technical Expertise:
- Deep knowledge of cloud security (AWS, Azure) and enterprise data platforms (Snowflake).
- Proficiency in Python
- Experience with automation tools (Terraform) and container technologies (Docker)
- Strong programming skills for reviewing and addressing code vulnerabilities.
- Networking protocols and architecture
- Solid understanding of network security.
- Vulnerability management and encryption techniques
- Proficiency with SIEM, IDS/IPS, firewalls, and endpoint security tools
Preferred Certifications:
Required or Strongly Preferred:
- CISSP (Certified Information Systems Security Professional) – required or actively pursued
- CCSP (Certified Cloud Security Professional)
- CISM (Certified Information Security Manager)
Highly Valued for Financial Services:
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- CSA CCSK (Certificate of Cloud Security Knowledge)
Cloud & Identity Security:
- Microsoft SC-Series certifications (SC-100, SC-200, SC-300)
- AWS Certified Security – Specialty
- Microsoft certifications related to security and identity (e.g., MS-500)
Key Competencies
- Independent Ownership: Drives security outcomes with minimal supervision
- Strong Judgment: Assesses risk and prioritizes practical, effective controls
- Collaboration: Works effectively with engineering, data, and business teams
- Communication: Clearly explains security concepts and trade‑offs
- Adaptability: Handles evolving priorities in a regulated, fast‑moving environment
Canso Investment Counsel is proud to be an Equal Opportunity and Affirmative Action Employer.
We are committed to providing accommodations for people with disabilities in all aspects of the recruitment and selection process. If you require accommodation or special assistance, please send an email with your request to PC@Cansofunds.com. Your information will be treated as confidential.
We sincerely thank all applicants for their interest; however, only those in consideration for the opportunity will be contacted.