About the role
**About Us:** At Kobalt.io, our mission is to solve cybersecurity for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cybersecurity services that support a secure path to growth. This is reflected in everything we do from the programs we build, to the partnerships we have developed with companies such as Vanta, Prescient and Sumo Logic.
Role Overview:
We are seeking a passionate Security Analyst – GRC to join our growing Delivery Team. As an engaged contributor within our Professional Services - Delivery, you will play a vital role in supporting our clients on their security journey. Collaborating closely with vCISOs, you will lead end-to-end managed compliance programs—from initial gap analysis to successful audit completion and beyond. You will leverage a deep understanding of each client’s unique operational constraints and tech stack to ensure security implementations are effective, realistic, and tailored to their specific environment. If you are ready for a new challenge and want to join a growing team that values diligence and a proactive security mindset, this is your opportunity. To be considered for this role, you must reside in the EST timezone.
Responsibilities:
- Partner directly with clients to draft and implement policies and customized security roadmaps, set up and manage user security awareness training campaigns and manage recurring phishing simulations.
- Manage small-scale security compliance programs, guiding clients from initial readiness through successful audit completion. Lead and assist with regular client meetings to track progress, resolve blockers, and maintain project momentum.
- Collaborate with vCISOs to design and execute Incident Response tabletop exercises, test the resilience of client IR plans, conduct various security assessments to identify gaps and mature client security postures.
- Leverage GRC platforms to accelerate compliance and streamline security program management.
- Act as a responsive subject matter expert across all communication channels, ensuring a "customer-first" resolution to security challenges.
- Build automation tools to compress manual tasks. Capture key performance metrics and contribute to the evolution of Kobalt’s service offerings through documentation and knowledge-base creation.
Your Qualifications & Skills:
Core Requirements:
- 3-5 years of experience in GRC, Internal Audit, Information Security, Technology Risk, or related fields.
- Direct experience with governance frameworks (e.g., SOC 2, ISO 27001, HIPAA, etc.)
- Strong understanding of cybersecurity domains, including Security Operations, Security Engineering, and Information Risk Management.
- Customer-first focus, with the ability to support both internal teams and external client inquiries.
- Excellent ability to communicate effectively, both verbally and in writing, with clients and internal audiences.
- Can work independently and with teams to identify and resolve challenges and overcome roadblocks.
- Ability to adapt security best practices to diverse client tech stacks.
Desired Qualifications:
- Professional certification is desired but not required.
- Intermediate scripting/coding skills for process automation.
- A strong team player with the ability to provide on-the-job training and knowledge sharing to other team members.
- Self-initiative with strong time management and the ability to perform in high-paced environments.
- Solid sense of integrity and identification with the mission.
- Understanding and basic level competence with AI systems such as Google Gemini, Google NotebookLM, Anthropic Claude, or OpenAI ChatGPT
Benefits:
- Competitive salary, health benefits, RRSP matching and equity
- Comprehensive health, dental, and vision insurance
- Flexible work arrangements
- Professional development opportunities
- Fun and inclusive company culture
- Monthly BYOD Allowance
How We Use AI in Our Hiring Process
At Kobalt.io, we value transparency and want you to know exactly how we evaluate candidates.
**AI Notetaking:** We use an AI-powered meeting assistant in all interviews. This tool records, transcribes, and generates summaries of our conversation. This allows our interviewers to be fully present and engaged with you, rather than being distracted by taking manual notes.
**Information Sharing:** These summaries help us accurately share your qualifications and highlights with hiring managers and key stakeholders who may not be on the call.
**Human-Led Decisions:** While our AI tools may provide data points or candidate rankings, humans remain at the helm of our decision-making. We may use these insights as just one piece of information in our evaluation. Your potential is assessed by real people, and the final decision on who moves forward is always made by the hiring team.
About Kobalt Security Inc.
Kobalt.io is a rapidly growing company that manages all aspects of cyber security programs for small and medium-sized, cloud-native businesses.
Our team acts as an extension of our clients, considering their unique limitations and needs and supporting them with services ranging from security program-as-a-service to privacy management and 24x7 monitoring. Ensuring our clients' security and helping drive their business growth are our top priorities.