Work In Tech

Find your next role at Canada's fastest-growing tech companies

GRC- Security Analyst

Kobalt

Kobalt

IT
Ontario, Canada · Remote
Posted on May 1, 2025

About Us: At Kobalt.io, our mission is to solve cyber security for SMBs at scale. We believe small businesses are the engine behind innovation and growth. Understanding the challenges that our customers have enables us to design and refine scalable cyber security services that support a secure path to growth. This is reflected in everything we do from the programs we build, to the partnerships we have developed with companies such as Vanta, Prescient and Sumo Logic.

Role Overview: Kobalt.io is an equal-opportunity employer looking for team members who have a real passion for security. The GRC-Security Analyst is an engaged contributor role within Kobalt’s security delivery team. The Security Analyst is responsible for supporting the client’s security journey by tailoring cybersecurity protocols, including policies, procedures, and protocols. The Security Analyst also assists vCISOs with various types of security assessments and technical implementation projects. As Kobalt is a certified partner of Vanta, the Security Analyst will leverage the Vanta platform to accelerate the client’s compliance journey as part of the security program.

If you are ready for a new challenge and want to join a growing team, this is your opportunity. Kobalt is a growing cybersecurity services and technology firm focused on addressing the needs of small and mid-sized businesses. Founded in November 2018, Kobalt has been recognized as an emerging company on the Ready to Rocket Emerging ICT list, 2020 Startups to Watch by Techcouver, and has worked with over 250 companies addressing cybersecurity challenges since inception.

Responsibilities:

  • Assist vCISOs in executing elements and projects, such as risk assessments, within a security program
  • Work directly with clients to understand their operations and tailor security policies and procedures that are fit for the organization
  • Provide compliance audit readiness support as required
  • Provision, implement, and manage Vanta, or a similar GRC platform, for clients
  • Troubleshoot compliance monitoring issues within Vanta, or a similar GRC platform, for clients
  • Build new tools and techniques to compress human-intensive tasks into work that can be achieved in a fraction of the time
  • Document best practice procedures for commonly used technologies for standardization of deployment
  • Collaborate with team members to assist with improvements, discovery, and production of creative and insightful security use-cases
  • Capture regular metrics highlighting key activities, measurable accomplishments, and blockers
  • Support the design and development of Kobalt’s service offerings through insightful feedback and a positive attitude as a contributing member of our security delivery team
  • Help drive improvements in our best-in-class security services through the creation of knowledge-base articles and services documentation
  • Respond to and engage our customers through our ticket system, chat, email, phone, or other mediums as required

Qualifications:

  • 2-3 years of experience in Security Technologies, Information Security, Business Resilience, Technology Risk, or related fields
  • Customer-first focus
  • Can work independently and with teams to identify and resolve challenges and overcome roadblocks
  • Understanding of cybersecurity domains, including Security Operations (on-premise and cloud), Security Engineering, Information Risk Management, etc
  • The ability to articulate secure best practices of various aspects of information risk management in the context of people, processes and technology
  • Report Writing: Emphasis on Spelling, Grammar, Word usage, and ability to write a summary that answers the Who, What, Where, When, How, and to the best of your ability, Why.
  • Strong communication skills: Be able to perform summarization and commonality detection and "connect the dots" to turn a group of facts into contextual information. Then take that contextual information and determine if it proves your hypothesis right or wrong.
  • Ability to quickly learn and adapt security best practices to a wide variety of technologies in use by our clientele

Nice to have:

  • GRCP™ certification is desired but not required
  • Enthusiasm, curiosity, and thirst for knowledge
  • Intermediate coding/scripting skills to help automate processes and scale implementation efforts
  • Be familiar with technical system access controls, how to apply them, and what benefits are gained from controls.
  • Ability to perform in high-paced environments
  • Strong Team Player
  • Ability to provide on-the-job training and knowledge sharing to other team members
  • Self-initiative with strong time management
  • Solid sense of integrity and identification with the mission.
  • Strong intuition and ability to think “outside the box”
  • Attention to detail while seeing the bigger picture

Benefits:

  • Competitive salary, health benefits, RRSP matching and equity
  • Comprehensive health, dental, and vision insurance
  • Flexible work arrangements
  • Professional development opportunities
  • Fun and inclusive company culture
  • Monthly BYOD Allowance