The Senior Information Security Analyst plays a crucial role in safeguarding the organization's information systems by designing robust security frameworks and strategies. This role involves anticipating potential threats, identifying vulnerabilities, and implementing cutting-edge solutions to ensure the confidentiality, integrity and availability of the systems. The Senior Information Security Analyst champions security best practices, proactively identifies and mitigates risks, and helps guide the organization in building and maintaining a resilient security posture that aligns with the organization's objectives and regulatory requirements. This role collaborates extensively with various teams, assists in incident response, and mentors others to elevate the organization's overall security posture.

Role:

• Contribute to the implementation and maintenance of comprehensive security architecture frameworks.
• Identify and assess potential security threats, vulnerabilities, and risks to the organization's systems.
• Design security solutions and controls to protect information systems and data.
• Collaborate with IT and Product teams to integrate security measures into system designs and operations.
• Provide expert guidance on security architecture to stakeholders and management.
• Stay up-to-date with emerging security trends, threats, and technologies.
• Conduct training and awareness programs to educate staff on security best practices.
• Advocate for security best practices and proactive threat mitigation throughout the organization.
• Contribute to the development and maintenance of security standards, leveraging industry frameworks (NIST, CIS, etc.) and cloud provider recommendations.
• Evaluate designs and architectures for potential vulnerabilities, proposing risk mitigation measures.
• Conduct regular risk assessments of cloud infrastructure, applications, and data.
• Work closely with cloud architects, engineers, developers, and operations teams to embed security into all phases of cloud projects.
• Participate in incident response planning and lead remediation efforts in case of security breaches.
• Research, assess, and select security tools and technologies best suited for the organization's cloud environment.

And a little bit of....

• On-call availability for incident response.
• Contributing as part of the wider team to achieve organizational objectives even if this means doing things that aren’t strictly within the scope of your role.

What will make you successful:

• You have built strong relationships within IT and Product teams, enabling you to effectively champion security initiatives and drive organizational change.
• You have achieved a deep level of understanding across all aspects of Lightspeed’s complex cloud environments.
• You are able to own and drive complex security projects from concept to completion, working with and engaging stakeholders across the organization as necessary.
• Overall reduction in organizational risk due to improved cloud architecture, controls, and remediated risk assessments.

Experience:

• 5+ years of deep hands-on experience designing, implementing, and managing security within large-scale cloud environments (AWS, GCP, etc.).
• Bachelor's degree or equivalent experience in computer science, cybersecurity, network engineering, or a similar field.
• Proven experience in designing and implementing security architectures for complex cloud environments.
• Experience in working with product & engineering teams to design secure solutions
• Strong background in risk assessment, management, and mitigation strategies.
• Proficient in security frameworks and standards such as NIST, ISO 27001, CIS, PCI-DSS and SOC 2.
• Experience with security incident response and forensics.

Skill required:

• Good understanding of cloud technologies (AWS, Azure, GCP, etc.) and security principles.
• Extensive knowledge of security principles, access controls (IAM), network security, encryption, vulnerability management, threat modeling, incident response.
• Expertise in designing and implementing cloud security architectures.
• Expertise in security frameworks, regulations, compliance requirements.
• Strong analytical and problem-solving skills with the ability to think strategically.
• Excellent communication and leadership abilities.
• Excels in cross-functional collaboration.
• Ability to think creatively and holistically about reducing cyber risk in a complex environment
• Ability to adapt to a complex and ever-changing environment.

What’s in it for you:

• Join a growing team and help us move to the next level
• Amazing benefits & perks, including equity for all Lightspeeders
• Constant development of both your skill-set and business acumen with limitless growth opportunities
• Lots of autonomy, flexible work culture
• Innovation time to explore and learn at work
• Shaping the company by joining cultural & technical committees
• Tons of growth opportunities into technical or people management roles
• Opportunity to join a fast-paced, high-growth company
• Opportunity to learn, expand your skill set, forge wonderful relationships and make your mark within the diverse and inclusive Lightspeed family, a true Canadian tech success story

…. And enjoy a range of benefits that will keep you happy, healthy and (not) hungry.

• Lightspeed equity scheme (we are all owners).
• Flexible paid time off and remote work policies.
• Health insurance.
• Contributions to your pension plan - RRSP.
• Health and wellness benefit of $500 per year.
• Paid leave and assistance for new parents.
• Mental health online platform and counseling & coaching services.
• Training opportunities to grow your skills and career
• Volunteer day.
• Fully stacked kitchen (hot and cold beverages, meals served)
• Happy hours to build your relationships with colleagues after work