Information Security and Compliance Engineer

About PureFacts Financial Solutions

PureFacts Financial Solutions is a rapidly growing, market-leading WealthTech organization, on an exciting journey committed to becoming a leading Canadian firm with a world-class team. At PureFacts, we are on a mission to create meaningful, differentiated wealth solutions that help people live their best life. We use artificial intelligence, big data, and the latest technologies, along with our industry expertise, to help firms grow revenue, reduce costs, manage risk, and delight their customers. Our wealth solutions are mission critical to our clients.

 

Combined with our solutions and loyal clients, our hungry, humble & smart team is a cornerstone to our growth. In addition to our highly valued wealth solutions, we are committed at PureFacts to help create a better life for all. We are focused under our corporate citizenship arm of PurePossibilities to provide food, shelter, education and employment for the less fortunate, enabling one step at a time a leg up for all.

 

At PureFacts, we do business differently. We believe in a six-stakeholder model where employees, clients, partners, the community, the environment and the shareholders are beneficiaries of the business. For our differentiated approach and results, PureFacts was selected as one of 100 most innovative WealthTech firms in the world by WealthTech 100.

 

In summer 2024, we announced a partnership with GrowthCurve Capital as a majority investor and are planning to 4-10x our business in the coming 3-5 years. To meet that hyper growth, we are investing in our people, operations and technology to continue to service our clients at the highest level.


We embody six values – Hungry, Humble, Smart, Purposeful, as well as Teamwork and Radical Candor. If that sounds like you and you want a seat on the rocket ship, then join us at PureFacts!

 

 

About the role

As an Information Security and Compliance Engineer, you will play a critical role in safeguarding PureFacts’ infrastructure, applications, and data. You will be responsible for implementing and maintaining security controls, supporting compliance initiatives (e.g., SOC 1, SOC 2, ISO 27001), and collaborating with cross-functional teams to ensure the security, privacy, confidentiality, integrity, and availability of our systems.


What you'll do

  • Implement and maintain security controls aligned with the SOC framework, ISO 27001, CIS Benchmarks and other best security practices.
  • Support the execution of the annual SOC 1 and SOC 2 audits, including evidence collection, control testing, and remediation tracking.
  • Conduct ongoing vulnerability assessments and coordinate remediation efforts with DevOps and infrastructure teams.
  • Coordinate penetration tests on our web applications with an independent security specialist.
  • Monitor and manage external attack surfaces and consult internal teams to reduce exposure.
  • Maintain static code analysis and application security scanning as part of our SDLC (Software Development Life Cycle) pipelines.
  • Collaborate with IT leadership to define and enforce access control policies, including least privilege and role-based access.
  • Participate in incident response and root cause analysis, ensuring timely resolution and documentation of security events.
  • Contribute to the development and delivery of security awareness training programs for employees and contractors.
  • Maintain documentation for security policies, procedures, and compliance reports.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 3+ years of experience in information security, compliance, or IT risk management.
  • Strong understanding of cloud security (preferably Microsoft Azure), network security, and endpoint protection.
  • Familiarity with compliance frameworks such as SOC 1/2, ISO 27001, and GDPR.
  • Experience with security tools, vulnerability scanners, and SIEM platforms.
  • Excellent communication and documentation skills.
  • Industry certifications (e.g., CISSP, CISM, CEH, ISO 27001 Lead Implementer) are a plus.

Technology

Lisbon, Portugal
