Senior Manager, Security Risk (Cybersecurity)

TL;DR

Senior Manager, Security Risk (Cybersecurity): Lead and evolve a global risk function, managing a distributed team. Focus on integrating compliance control requirements into the risk management process and delivering risk solutions that balance risk mitigation with business velocity.

Location: Remote - Ontario, British Columbia, or Alberta, Canada

Salary: $160,320 - $200,400 CAD

Company

hirify.global delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences.

What you will do

• Lead, mentor, and grow a team of international and domestic risk analysts.
• Conduct and oversee complex risk assessments across microservices architectures, cloud-native environments, and legacy on-premise telecommunications systems.
• Operationalize and mature the One hirify.global Risk Management framework leveraging risk management frameworks (NIST RMF, ISO 27005, etc.) with a specific focus on emerging areas like AI Risk, Data Governance, Privacy, Reliability, and Observability.
• Develop and deliver high-impact, executive-level risk reporting.
• Identify and design efficient process workflows within Jira and GRC tools to automate risk intake, tracking, and remediation.
• Act as a primary point of contact for external auditors and regulators, clearly articulating hirify.global’s risk posture and the effectiveness of our controls.

Requirements

• Experience: 8+ years in Cybersecurity or Information Security, with at least 4+ years in a people management role leading international teams.
• The ability to navigate high-tension situations finding the "win-win" middle ground.
• Deep understanding of hybrid cloud environments (AWS/GCP), on-premise infrastructure, and microservices.
• Proven track record of implementing and maturing risk frameworks such as NIST RMF, ISO 3100.
• Power-user level proficiency in Jira (for workflow orchestration) and experience with security tooling (e.g., Wiz, Orca, Snyk) and GRC platforms (e.g., LogicGate, Jira, Archer, ServiceNow).
• Exceptional written and verbal communication skills, with a proven ability to present complex risk topics to non-technical executive audiences.

Nice to have

• Familiarity with the NIST AI RMF or ISO 42001 and the ability to assess the risks of data leakage and prompt injection in internal AI tools.
• Ability to move beyond "High/Medium/Low" to help the business define and document specific risk appetite statements that guide engineering trade-offs.
• Skill in quantifying the cost of a security control versus the value of the risk it mitigates, ensuring pragmatic investment.

Culture & Benefits

• Generous time-off.
• Ample parental and wellness leave.
• Healthcare.
• Retirement savings program.