Systems and Data Security Manager

At Mod Op, we’re reimagining the future of marketing by fusing creativity, technology, and intelligence to transform how work gets done and the value clients receive. Our AI & Innovation Team builds AI-enabled platforms and agentic systems that automate, optimize, and evolve the marketing process—from creative development to media execution to performance analytics.

The Systems and Data Security Manager is a hands-on IT security position responsible for operating and maintaining the organization’s security controls across systems, cloud infrastructure, data, and development environments. Reporting to the Senior IT Director, this role owns day-to-day security operations, SOC 2 Type II compliance execution, cloud and identity security, and security monitoring.

This role also leads the implementation and automation of compliance and security processes to increase efficiency, visibility, and scalability across the organization.

The position works closely with Development and the compliance-focused IT team to ensure controls are effective, documented, and continuously validated.

Responsibilities

Security Governance & Compliance

• Manage day-to-day operation of an established SOC 2 Type II control environment

• Own continuous evidence collection, documentation, and audit readiness

• Coordinate third-party assessments, including penetration testing, and track remediation through completion

• Maintain security policies, procedures, and control documentation as systems change

• Work directly with auditors, Development, and the compliance-focused IT team to support audits and close findings

• Create, assign, audit, and revoke IAM roles and service accounts across cloud platforms, ensuring least-privilege access.

• Conduct vendor risk assessments, including security reviews and documentation tracking

• Oversee infrastructure vulnerability scanning and enforce patch management SLAs across cloud and hosted environments

• Lead and document quarterly access reviews across systems and cloud platforms

• Implement and manage compliance automation platforms such as Vanta, Drata, or Secureframe

• Automate evidence collection, access reviews, and compliance reporting processes

• Build and maintain compliance dashboards to provide leadership visibility into control health and audit readiness

• Measure and report efficiency gains achieved through compliance and security automation

Identity & Cloud Security

• Operate and maintain security controls for Microsoft Entra ID, AWS and Google Cloud Platform environments

• Manage identity, access, and privilege controls across cloud and enterprise systems, including GCP IAM roles, policies and service accounts

• Ensure secure configuration, hardening, and access reviews are performed regularly

Security Monitoring & Incident Response

• Manage Entra ID, AWS and GCP security logging, monitoring, and alerting

• Investigate and respond to security alerts and incidents

• Perform root cause analysis and implement corrective actions

• Investigate and remediate access-related incidents, including misconfigured roles or unauthorized permissions.

• Leverage AI-powered security tools for threat detection, anomaly identification, and alert triage

• Investigate and respond to security alerts and incidents

• Perform root cause analysis and implement corrective actions

• Investigate and remediate access-related incidents, including misconfigured roles or unauthorized permissions

Development & AI Security

• Implement and maintain security controls within development and automated build and deployment processes

• Partner with Development on vulnerability management, code scanning, and application security

• Apply security controls and governance for AI systems, including data access, model usage, and risk management

Application Usage & Budget Management

• Monitor application usage and spend across agency-hosted environments for internal and client-facing applications

• Define acceptable usage thresholds and budget bands for applications and environments

• Implement alerts, automation, and reporting for usage or cost variances

• Investigate, resolve, and document usage and budget variances

• Own application budgets related to hosted environments and route issues or overages to appropriate stakeholders

Agency & Client Onboarding & Offboarding

• Support onboarding of new agencies and clients by evaluating applications, technologies, and usage requirements

• Assess security, compliance, and SOC 2 Type II impact to existing environments

• Estimate infrastructure usage and cost impact and align onboarding to established usage and budget bands

• Support client data ingestion, migration, and validation, ensuring security and data integrity

• Manage client offboarding activities, including sunsetting services and archiving or securely deleting data

• Partner with Development and the compliance-focused IT team to ensure onboarding and offboarding meet security, compliance, and operational standards

• Support account manager’s escalations related to security, access, or consent requirements.

Leadership & Collaboration

• Serve as a hands-on security manager and subject matter expert

• Collaborate closely with Development and the compliance-focused IT team on security and audit activities

• Provide clear documentation and practical guidance to internal stakeholders

• Serve as the primary point of contact for access requests and permission-related troubleshooting.

Requirements:
• 6 to 10 years of experience in information security, systems security, or cloud security

• 2 or more years in a manager-level or senior individual contributor security role

• Demonstrated experience operating SOC 2 Type II programs

• Strong hands-on expertise in Microsoft Entra ID, AWS & GCP security

• Experience with cloud security monitoring and incident response

• Practical experience with development security and secure software lifecycle practices

• Experience securing AI systems, data, or machine-learning-enabled applications

• Experience with GRC and compliance automation platforms (Vanta, Drata, Secureframe or similar)

• Scripting or infrastructure-as-code skills such as Python, PowerShell, or Terraform

• Demonstrated track record of reducing manual compliance workload through automation

• Familiarity with AI-powered security and threat detection tools

Certifications

• Microsoft security certifications required or strongly preferred, including:

• Microsoft Certified: Security, Compliance, and Identity Fundamentals

• Microsoft Certified: Identity and Access Administrator Associate

• Microsoft Certified: Security Operations Analyst Associate

Preferred Skills

• Experience coordinating and managing penetration tests and remediation efforts

• Familiarity with identity-based security models that emphasize least-privilege access and continuous verification

• Experience monitoring and investigating security events across cloud platforms and enterprise systems

• Hands-on use of built-in security and logging tools provided by cloud platforms such as AWS, GCP and Microsoft

• Strong documentation skills supporting audits, investigations, and operational security processes

Benefits:
• Flexible, hybrid work arrangements.
• Annual company shutdown during the holiday season.
• Frequent studio-wide social events.
• Budget and time allotted for professional development.
• Commitment to wellbeing and work life balance.
• Competitive health and dental benefits package.
• Group RRSP Matching program

When asked what they love about working at Mod Op, we hear:

• “I feel I can be myself at work and it’s fun!” -MV
• “The caliber of the clients/brands we work with, knowing your work is seen by thousands of people, in many cases across the world.” -JC

• “We actually create videogames!” -AC
• “We have an all-star team, and it’s like playing in the pro-bowl every day!” -MW
• “Opportunities to always learn from and work with the best and the brightest.” HW
• “Mentors and opportunities for growth.” -KB

Diversity and Inclusion:

Some of our best ideas emerge when different perspectives collide. That’s just one of the reasons we’re committed to building and retaining a team that reflects diverse backgrounds, identities, experiences, and abilities. Through our core values, we’re also fostering a culture where everyone feels heard, included and comfortable being themselves.