About Cority
Cority helps customers see and prevent risks across their operations in real time. Our EHS+ platform converges people, data, and AI agents to provide a clear view of information people can trust, automate workflows that make people more impactful, and deliver personalized insights and expertise to improve decision-making. While most solutions respond to risks one at a time, Cority helps prevent them across environmental management, employee health, safety, quality, and sustainability. For 40 years, Cority has been the market leader in EHS+, recognized by top analysts and trusted by more than 1,500 of the most complex organizations worldwide. Cority has received many awards for its strong employee culture and outstanding business performance. To learn more, visit www.cority.com.
Monitor, assess, and maintain security controls within cloud environments
Responsible for oversight of the vulnerability management program, including penetration testing, participating in reviews of vulnerability and security log reports, creation of mitigation actions and remediation plans, and tracking/monitoring to completion
Manage the overall Security Awareness program for Cority, including annual training, quarterly phishing campaigns
Participate in vendor management process, and customer audit process
Liaise with CloudOps team to manage cloud security using security best practices and frameworks
Participate in the design and implementation of security for all cloud environments
Monitor, assess, and maintain security controls within cloud environments to safeguard data systems
Leverage security tools within the cloud to proactively identify security threats, analyse root causes of security violations, and recommend corrective actions
Integrate cloud security technologies with existing toolsets such as SIEM, EDR, and IAM solutions
Serve as a cloud-security subject matter expert to support CloudOps, Enterprise IT, and risk analysis programs by performing, analysing, and documenting
Ensure that all cloud tool sets and their integrations are properly maintained to meet stated policies, audit requirements and industry best practices
Identify and maintain KPIs and other metrics that show the effectiveness of the program
Provide Security Incident Response support and participate in the development of business cases and presentations on cloud security technologies
Apply knowledge of the above skill areas to assist with the GRC program
Minimum 5+ years of Information Security experience
3+ years of implementing cloud security for cloud infrastructures such as Azure and AWS.
3+ years of experience managing security within the Amazon Web Services (AWS) environment
Current knowledge and thorough understanding of Information Security issues, threats and trends
Demonstrated knowledge in the areas of risk assessment, strong understandings of secure communications, secure data storage, secure systems development, secure systems deployment and documentation
Demonstrated understanding of the real-world application of security and risk frameworks including ISO/IEC 27001, SOC 2 Type 2, NIST and FedRAMP (ISO42001 is an asset)
Assets:
• CISSP, CCSP, CISA, or other relevant industry related certifications
• Experience with ELK, AI, FedRAMP, GitLab
CanadaRemotemid
Gongio
Huntress
Steerbridge