Enterprise Security Specialist
About the role
Role: Enterprise Security Specialist
Department: R&D
Reports to: Chief Technology Officer (CTO)
Location: Stouffville, ON (Hybrid)
Salary: $120,000 - $135,000
Number of Openings: 1
Who we are:
At Portfolio+, we empower financial institutions with secure, scalable, and customer-first solutions. As a proudly Canadian company, we’re at the forefront of open finance, delivering cutting-edge cloud technology that simplifies operations, enhances security, and drives innovation. Our team thrives in a collaborative, growth-oriented environment where ideas matter, and impact is real. If you're passionate about fintech, innovation, and making a difference, Portfolio+ is the place to build your career.
Who you are:
The Enterprise Security Specialist is a senior individual contributor responsible for leading the organization’s enterprise security program in a regulated fintech environment. Reporting to the CTO, this role focuses on security governance, risk management, audits, certifications, and enterprise security practices, with exposure to DevSecOps considered an asset.
This role serves as a primary security lead and advisor, working cross-functionally to ensure security practices support business growth, regulatory requirements, and customer trust, without formal people management responsibilities.
What you'll do:
Enterprise Security Program Leadership
- Lead the development, implementation, and continuous improvement of the enterprise information security program.
- Develop and maintain security policies, standards, procedures, and controls aligned with business objectives.
- Establish security metrics and reporting to support executive visibility and informed decision-making.
- Act as a trusted security advisor to the CTO and senior leadership.
Governance, Risk & Compliance
- Lead enterprise risk assessments, security reviews, and control evaluations.
- Align security practices with recognized frameworks such as ISO 27001, NIST, etc.
- Support compliance with Canadian regulatory and privacy requirements, including PIPEDA, OSFI guidance, and applicable provincial legislation.
Audits, Certifications & Regulatory Engagement
- Lead and support security audits and certifications, including SOC 2, PCI DSS, ISO 27001, and customer security reviews.
- Serve as a primary point of contact for auditors, regulators, and enterprise clients.
- Coordinate audit readiness activities, including evidence collection, policy updates, control testing, and remediation tracking.
- Translate audit findings into practical, risk-based improvements.
Third-Party & Vendor Security
- Lead third-party security risk assessments and vendor security reviews.
- Support security questionnaires, contract reviews, and customer due diligence requests.
Security Awareness & Collaboration
- Promote a security-conscious culture through collaboration, education, and practical guidance.
- Support security awareness initiatives and training across the organization.
- Work closely with Product, Professional Services, Risk, and Legal teams to support internal and external security needs.
Reporting & Leadership Support
- Provide regular reporting on security posture, risks, audit readiness, and remediation progress.
- Escalate significant security risks and incidents appropriately and support incident response activities.
What you bring:
Technical Skills
- 5-7+ years of experience in information security, cybersecurity, or technology risk.
- Experience leading security programs or initiatives in fintech, financial services, SaaS, or other regulated environments.
- Hands-on experience supporting SOC 2, PCI DSS, ISO 27001, or similar audits and certifications.
- Strong understanding of enterprise security controls, risk management, and governance.
- Familiarity with cloud environments (AWS, Azure, or GCP).
- Ability to communicate security concepts clearly to technical and non-technical audiences.
- Knowledge of Canadian regulatory and privacy requirements.
- Clearly convey complex security topics to executives, clients, and technical teams.
- Analyze security and compliance issues and design effective solutions.
- Build strong partnerships internally and externally.
- Deep understanding of SDLC, DevSecOps, CI/CD pipelines, cloud technologies, and regulatory frameworks.
Bonus Points if you have the following:
- Exposure to DevSecOps or secure SDLC practices.
- Experience with vulnerability management or application security tooling.
- Experience supporting client security assessments or enterprise customer due diligence.
- Security certifications such as CISSP, CISM, or ISO 27001 Lead Implementer/Auditor.
What We Offer:
- Be part of a dynamic, innovative team where your ideas directly shape our sales strategy and market presence.
- Flexible working arrangements (hybrid, remote, or in-office) designed to support work-life balance.
- Comprehensive benefits package starting from day one, including health coverage, paid time off, and volunteer days.
- Competitive salary, annual bonus program, and participation in our employee stock option plan.
- Access to continuous learning opportunities, a robust learning management system, and a tuition reimbursement program.
- Tools and technology provided (laptop, headset, monitors) to set you up for success.
- A supportive environment that values your growth, success, and contributions to our customers’ achievements.
We welcome and encourage applications from all qualified individuals who can contribute to the continued diversification of our organization, including those from equity-deserving groups that have been historically underrepresented in the workforce.
At Portfolio Plus, we use AI-enabled tools to help support parts of our recruitment process, such as creating job descriptions, assessments, and scheduling automations. These tools help us work more efficiently and consistently as we grow. AI supports our hiring teams, but it does not replace human judgment. All hiring decisions are made by people, and AI is never used as the sole decision-maker.
If you have questions about our hiring process, how AI is used, or if you require accommodation at any stage, please reach out to our People & Culture team (humanresources@portfolioplus.com) and we will be happy to answer any questions you have.
In alignment with the Accessibility for Ontarians with Disabilities Act, 2005, Portfolio+ provides accommodation upon request throughout the recruitment, selection, and assessment process for applicants with disabilities. Please reach out to humanresources@portfolioplus.com for any questions or requests.
About Portfolio+
Portfolio+ is a leading Canadian financial technology provider, delivering secure, scalable core banking solutions to five of the six largest financial institutions in Canada.
Specializing in cloud-based banking technology, we enable seamless integration, data connectivity, and financial service innovation. Our modular platform supports Banking-as-a-Service, embedded finance, and API-driven banking models, empowering banks and financial institutions to evolve.
With deep industry expertise, we provide training, consulting, and managed services to help financial institutions navigate a rapidly changing digital landscape.