Manager, Cloud Security

Summary

Join Wealthsimple as Manager, Cloud Security to lead a high-performing team in securing cloud environments, primarily AWS. Collaborate with various teams, establish rapport with leadership, and expand the team's domain. Responsibilities include architecting a scalable and resilient cloud security vision, holding team members accountable, developing compliance programs, acting as the primary point of contact for cloud security, building and mentoring the team, and defining key performance indicators. The ideal candidate will complete an initial assessment of the cloud security program, review and prioritize existing issues, take ownership of vendor relationships, develop team growth plans, establish working relationships with other teams, and prepare the team's annual roadmap and budget. Wealthsimple offers competitive salary, top-tier health benefits, retirement savings matching, generous paid time off, wellness and professional development budgets, an international work program, wellness days, and a remote-first work environment.

Requirements

• Significant experience (10+ years preferred) combining individual contributor and leadership roles within cybersecurity, DevOps, and cloud security, with a proven history of working cross-functionally and building high-performing teams
• Technical understanding of networks, endpoint, identity, cloud, encryption, data protection and OSes
• General knowledge of frameworks (NIST CSF, CIS, ISO, SOC 2, PCI DSS)
• Functional use with cloud tools (CWPP, CSPM, cloud-native application protection platform) and automation (ArgoCD, Chef, Puppet, Salt, Ansible)
• Proficient in one or more: Terraform, Kafka, Kubernetes, Helm, scripting (Python, JavaScript)
• Proven use with zero trust network access, encryption, web application firewalls, data protection, vulnerability management, API security, IaC
• Knowledge in one or more: NIST 800-144, CIS, CSA-CCM, ISO (27040, 27017, 27001)

Responsibilities

• Collaborate with security and engineering leadership to architect and articulate a scalable and resilient vision and roadmap for secure cloud environments that support business objectives
• Use team rituals to hold DRIs accountable for the outcome of their work while ensuring risks and priorities are proactively communicated with stakeholders. SLA, budget and project delivery estimations are reliable and agreed upon in advance
• Develop programs and recommend necessary changes to ensure the company’s systems are fully compliant with all applicable regulatory requirements and privacy laws and future proof against new developments in the industry or potential security incidents
• Act as the primary point of contact for cloud security requirements, initiatives, and escalations with the requisite subject matter expertise. Where necessary, proactively communicate the state of your domain's security posture to both technical and nontechnical stakeholders
• Build and mentor the team, focusing on employee retention and career growth by fostering a 'people first' environment with clearly stated expectations and robust support to achieve high standards
• Define key performance indicators, objectives and key results, and metrics to illustrate efficacy of the cloud security program integrating results with Vulnerability Management, GRC, or Security Operations
• Complete their initial assessment of the cloud security program and team and be able to articulate to the business key risks and opportunities
• Review and prioritize existing issues with the team and bring any cross-functional work to the appropriate betting tables to secure buy-in from stakeholders
• Take ownership of our vendor relationships specifically for our CNAPP and CWP tools
• Develop growth plans for the team based on existing needs including any training, conference, or sourcing budget that may be required
• Establish good working relationships with vulnerability management, application security, and platform teams
• Establish what KPIs or SLAs define excellence on this team and establish a strong operating cadence for their direct reports in concert with their peers and management team with at least a 4-month roadmap
• Prepare their team’s annual roadmap, budget, and headcount plan for the new year with appropriate buy-in from their stakeholders
• Review their team’s performance against stated objectives, evaluate control effectiveness, and highlight any suggested changes to the program

Preferred Qualifications

• Experience working in AWS is preferred
• Previous industry experience in Financial Services is preferred
• Preferably one or more: CISM, CISSP, CISA, GSLC
• Preferably one or more offered by AWS, Google or Microsoft, or GCSA, CKA, CCSP, CCSK
• Preferably a bachelors or higher degree in cybersecurity, software engineering, or a related field

Benefits

• Competitive salary with top-tier health benefits and life insurance
• Retirement savings matching plan using Wealthsimple for Business
• 20 vacation days per year and unlimited sick and mental health days
• Up to $1,500 per year towards wellness and professional development budgets respectively
• 90 days away program: Employees can work internationally in eligible countries for up to 90 days per calendar year
• A wide variety of peer and company-led Employee Resource Groups (ie. Rainbow, Women of Wealthsimple, Black @ WS)
• Company-wide wellness days off scheduled throughout the year