Security & Audit Lead at SiftMed
St. John's, NL A1E 6B5, Canada
Full Time


Start Date

Immediate

Expiry Date

25 Oct, 25

Salary

0.0

Posted On

25 Jul, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Checklists, Security, Confidentiality, IT, Ethics

Industry

Information Technology/IT

Description

Who Are We?
As a group of passionate technology developers, successful entrepreneurs and industry experts, SiftMed is scaling and growing quickly. We’re looking for a hands-on Security and Audit Lead to design and implement secure systems that protect sensitive data and ensure we meet the highest standards under SOC 2, HIPAA, and PIPEDA.
SiftMed is an AI-driven system that processes, organizes, and categorizes medical files. Driven by a mission to extract facts in medical data that can change lives, the company focuses on improving access to critical information, empowering legal teams and medical experts to quickly and accurately find previously hidden key facts in medical data.

WHAT WE’RE LOOKING FOR:

We’re looking for a Security & Audit Lead to ensure our systems are secure by design and operation. This is a technical, hands-on role focused on building, operating, and evolving secure infrastructure and processes with the goal of meeting and exceeding our obligations under SOC 2, HIPAA, and PIPEDA.
You’ll have direct support from the leadership team, close collaboration with engineering, and the autonomy to build a security program the right way from day one.

REQUIRED SKILLS:

  • 5+ years of hands-on security engineering experience, ideally in cloud-native, high-trust environments.
  • Strong technical foundation in cloud infrastructure (especially AWS), IAM, network and endpoint security, and secure software development practices.
  • Ability to identify practical risks, propose technical mitigations, and clearly explain tradeoffs.
  • A pragmatic, automation-minded approach to compliance: you focus on building secure systems, not checklists.
  • High standards of ethics, confidentiality, and professionalism: you treat sensitive data like it’s your own.

RESPONSIBILITIES:

  • Own our security architecture and practices across infrastructure, applications, and data with an emphasis on prevention, visibility, and minimal access.
  • Ensure we meet our regulatory and contractual obligations under SOC 2, HIPAA, and PIPEDA through secure implementation, logging, access control, and incident response.
  • Design and enforce secure-by-default infrastructure using tools like IAM, encryption, container security, and CI/CD hardening (AWS native stack).
  • Build technical controls that map to compliance requirements such as audit logging, asset inventories, and access review workflows.
  • Respond to security incidents and drive remediation; lead post-mortems and ensure repeatable playbooks exist.
  • Collaborate with auditors and vendors to provide evidence of controls without slowing down the team.
  • Implement and tune essential security tooling, such as vulnerability scanners, secret detection, intrusion detection, and centralized logging.