IT Security & Infrastructure Manager

Sonic Incytes Medical Corp.

Vancouver, BC

About Sonic Incytes

Sonic Incytes is a leading innovator in AI-enabled liver ultrasound technology, transforming how liver disease is diagnosed and managed. We are committed to building secure, scalable, and compliant systems that support both our cutting-edge products and internal operations.

About the Role

We are seeking an IT Security & Infrastructure Manager to support our cybersecurity program, cloud security, and internal IT infrastructure. This is a hands-on role focused on day-to-day security operations, documentation, access management, compliance support, and collaboration with Engineering and Product teams. This is an in-office role.

Key Responsibilities:

1. Develop Cybersecurity Program and Documentation

Maintain and evolve the company’s cybersecurity roadmap and security program
Manage risk, governance, and compliance initiatives (SOC 2, HIPAA, ISO 27001, NIST)
Maintain risk registers, policies, and audit-ready documentation
Translate security risks into clear business insights for leadership

2. Partner with Engineering & Product

Embed security into the software development lifecycle (Secure SDLC)
Conduct threat modeling, security reviews, and testing
Support secure AI/ML and cloud-based product environments

Protect intellectual property and engineering systems
Support customer security questionnaires and audits

3. Own Compliance & Risk Management

Ensure audit readiness, control validation, and evidence collection
Conduct internal audits and gap assessments
Manage vendor risk and third-party security reviews

4. Drive Security Operations

Oversee threat detection, monitoring, and incident response (SIEM, MDR, EDR)
Act as incident lead for high-priority security events
Manage vulnerability scanning, patching, and remediation programs
Continuously improve detection, response, and security processes

5. Secure Cloud, Identity & Infrastructure

Manage and secure cloud environments (AWS, GCP, Microsoft)
Manage identity and access management (IAM), MFA, and Zero Trust initiatives
Oversee network security architecture (firewalls, IDS/IPS, segmentation, VPNs)
Ensure reliability of enterprise systems, endpoints, and infrastructure

6. Build a Security-First Culture

Deliver security awareness training across the organization
Partner cross-functionally with Engineering, IT, Legal, HR, and Finance
Promote best practices and accountability across teams

7. Corporate IT & Administrative Security

Own company data security practices, including secure storage, backup, recovery,
and retention.
Oversee employee computer setup, secure configurations, and device lifecycle
management.
Manage onboarding and offboarding access processes.
Administer and optimize access and licensing for core business software tools (e.g.
Dropbox, Google Drive, Hubspot, Slack).

Qualifications:

1. Experience

3+ years in cybersecurity, IT infrastructure, or security engineering
Experience owning security programs or initiatives
Background in cloud security, network security, and identity management
Experience working in regulated environments (healthcare, SaaS, or similar)

2. Technical Expertise

Security operations: SIEM, SOC, MDR/EDR, incident response
Cloud platforms: AWS, GCP, Azure
Identity & access: IAM, RBAC, PAM, Zero Trust
Network security: Firewalls, IDS/IPS, segmentation, VPNs
Security tools: vulnerability scanners, penetration testing tools
Scripting/automation (Python, Bash, or PowerShell) is an asset

3. Governance & Leadership

Knowledge of SOC 2, ISO 27001, NIST, HIPAA, or similar frameworks
Experience with audits, compliance, and risk management
Excellent communication skills with ability to engage technical and business stakeholders
Proven ability to lead initiatives, influence teams, and drive outcomes

4. Nice to Have

Certifications such as CISM, CISSP, CCNP, Security+, or AWS Security Specialty
Experience with Zero Trust architecture or OT/IT environments
Experience supporting AI/ML or data-driven platforms