Information Systems Security Manager

This is an opportunity in the exciting and fast-growing transportation technology industry. Public transit is being transformed from a system of static, scheduled fixed-routes, to a dynamic on-demand network, and you will be one of the pioneers shaping this transformation.

The Information Systems Security Manager will be responsible for protecting RideCo’s data and IT infrastructure by designing, implementing, maintaining, and enforcing security policies and protocols. Key responsibilities include monitoring systems, performing risk assessments, ensuring regulatory compliance (NIST, SOC2, GDPR, HIPAA), and leading incident response efforts to mitigate threats. 

Your day-to-day responsibilities will include:

Strategic Security Management: 

• 
  

  Developing and enforcing comprehensive security policies and procedures, ensuring they align with business objectives and legal compliance.

  
  


• 
  

  Own and maintain the organizational security roadmap using NIST SP 800-53 and NIST CSF 2.0, ensuring all security controls map directly to business risk and operational resilience. 

  
  


• 
  

  Lead the strategy and annual audit for SOC2 type 2 certification and compliance (including all Trust Services Criteria - Security, Availability, Confidentiality, Processing Integrity, Privacy), and RideCo’s Privacy Program.  

  
  

Risk Mitigation & Assessment:

• 
  

  Conducting regular threat assessments, vulnerability scanning, and audits to identify weaknesses and implement countermeasures

  
  


• 
  

  Develop and enforce governance policies for the secure adoption of AI

  
  

Security Operations:

• 
  

  Monitoring network traffic, firewalls, endpoints, and data systems for suspicious activity

  
  

Procedural Governance:

• 
  

  Conduct reviews and provide feedback on contracts, RFPs, security questionnaires, and ensure existing program components are regularly reviewed and functioning according to their criteria

  
  


• 
  

  Establish and maintain agency-based security and privacy procedures to ensure consistent security hygiene across all departments and platforms.

  
  

Incident Response: 

• 
  

  Leading efforts to identify, contain, and remediate security breaches or attempts.

  
  

Employee Training and Awareness:

• 
  

  Overseeing security awareness programs to train staff on cybersecurity best practices. 

  
  


• 
  

  Implement specialized training to protect employees against evolving AI-generated threats, including deepfake audio/video scams and sophisticated phishing. 

  
  

Technical Oversight:

• 
  

  Overseeing the deployment of security technologies, including encryption tools, antivirus software, and access controls 

  
  

Vendor Risk Management:

• 
  

  Assessing the security protocols of third-party vendors. 

  
  

Your Playground / What You’ll Learn:

At RideCo you’ll get a chance to play, learn and build with the following tools and technologies, and as part of a team that is the world’s foremost innovator in on-demand transit software.

• Operating Systems: Windows 11, Linux (Debian/Ubuntu), Mac, Android, iOS


• Infrastructure: AWS, Terraform, Redis, PostgreSQL, Celery, RabbitMQ, OpenVPN, Fortinet


• Health/Monitoring: AWS CloudWatch, Prometheus, Grafana, Elasticsearch, Logstash, Kibana, SumoLogic, Nexpose, SentinelOne


• Development Processes: Agile, continuous integration, Jenkins, zero-downtime software updates

Qualifications & Experience:

• Education: Bachelor’s degree in Cybersecurity, IT or related field


• Experience: 5+ years of related experience 


• Certifications: Certified Information Systems Security Professional (CISSP)


• Technical Knowledge: Proficient understanding of network infrastructure, firewalls and compliance frameworks 


• Leadership: Experience in coordinating with IT teams

Compensation and Benefits:

• Base Salary: $120k - 150k + performance-based bonus + stock options


• Work-Life Balance & Additional Perks: Flex-time work schedules, vacation time, bi-weekly catered lunches, social events, casual dress code


• Benefits Plan: Medical, dental, prescription, life/health spending accounts and more


• Professional Growth: Continuous education, certification maintenance, and attending conferences are important to keeping the role current and relevant


• Work Environment: Located in KW's most desirable work space in the heart of Uptown Waterloo 


• Commuter Program: Complimentary rides to and from work in Waterloo Region

Who we are:

http://www.rideco.com

RideCo powers on-demand transit. Public transit agencies and fleet operators use RideCo's cloud-based software platform to provide on-demand shared rides in dynamically routed buses and vans. RideCo is growing rapidly, and it is the most adopted on-demand paratransit and microtransit software among the 10 largest cities in the United States.  Our marquee clients include Philadelphia’s SEPTA, RTC Las Vegas, San Antonio Metro, and Houston Metro.   

RideCo’s software powers a diverse range of use cases, including paratransit, residential/ suburban travel; first-mile-last-mile connections for transit hubs; and corporate employee transportation.  The success of these services is supported by the industry's best customer service, including a 95% plus customer retention rate.  We are investing to scale up and capture the growing demand for on-demand shared rides solutions.

RideCo is proud to be an equal-opportunity employer. We hire the best talent and strive to build a meritocratic culture.  In accordance with the Accessibility for Ontarians with Disabilities Act, accommodations are available upon request for candidates taking part in all aspects of the selection process. If you require special accommodation to complete any portion of the application or interview process, please mention this in your application. #Li-Hybrid

Why is this role open? Existing Vacancy

RideCo is committed to a fair and transparent recruitment process. We do not use artificial intelligence (AI) or automated decision-making tools to screen, evaluate, or select candidates. All applications are reviewed and assessed by our hiring team.