Principal Cybersecurity Consultant

Location: Vancouver, BC

Work Arrangement: Hybrid (3-4 days in-office)

Compensation: $150,000 - $200,000

Employment Type: Full-time

About Monachus

Monachus helps early-stage startups build scalable systems for compliance, security, and operations. Without the chaos. We're a small, high-trust team based in Vancouver, BC, and our clients are spread across North America. We work closely with founders and technical teams who are moving fast and need security and compliance done right, not just done.

"Monachus" is Latin for monk, meaning diligent, dedicated, wise. If you care about doing high-quality work, being hands-on in the world of compliance, learning constantly, and having real ownership over outcomes, this is the kind of place where that actually happens.

The Role

We're hiring a senior security leader who operates across GRC, vCISO services, and cloud security engineering. This role is built for someone who can think strategically, execute fast, and handle high-volume client security work with precision, whether that's boardroom advisory or hands-on cloud security work.

You'll act as a trusted security partner to founders, CTOs, and executive teams while owning real security outcomes across multiple client environments. If you want to operate as both a security leader and execution powerhouse, this role is built for you.

What You'll Do

  • Act as fractional CISO (vCISO) for clients, advising on security posture, risk strategy, and roadmaps

  • Lead SOC 1, SOC 2, ISO 27001, and customer security programs end-to-end

  • Own vendor security questionnaires (VSQs), customer trust reviews, and security sections of RFPs and RFIs, including third-party risk assessments and vendor due diligence

  • Evaluate and harden cloud environments across AWS configurations, container supply chain security, Kubernetes posture, and CI/CD pipeline security, using frameworks like CIS Benchmarks as the baseline

  • Assess and improve vulnerability management programs, including scanner selection, triage workflows, and false positive reduction

  • Review and design backup and DR architectures, covering break-glass accounts, destructive action controls, RPO/RTO definition, and restore testing

  • Tune and assess SIEM and logging pipelines for detection coverage gaps, and advise on infrastructure modernization from a security lens

  • Support incident response planning, tabletop exercises, and remediation programs

  • Partner with engineering, product, and leadership teams on security decisions, operating as a peer to technical teams, not just as an auditor

  • Manage multiple client engagements simultaneously with strong prioritization and execution

What We're Looking For

Experience & Background

  • Deep familiarity with industry security frameworks including SOC 2, ISO 27001, and NIST

  • Experience with regulatory and privacy standards such as GDPR, HIPAA, and PCI-DSS

  • Experience in multi-client, consulting, or high-volume security environments

  • Strong understanding of cloud-native architectures, threat modeling, and practical security risk mitigation across SaaS environments

  • 10+ years of experience in information security or related technical roles, with strong hands-on experience securing cloud-first SaaS and infrastructure environments

  • CISSP certification; CISM, CCSP, or equivalent security certifications also accepted

Tools & Systems

  • Hands-on AWS experience at a configuration level (IAM, KMS, VPC, S3, RDS)

  • Familiarity with vulnerability management tooling and scanner trade-offs

  • Working knowledge of container security, CI/CD pipeline security, and SAST/DAST tooling

  • Ability to evaluate Kubernetes/EKS security posture and backup/DR architectures

Culture Fit Matters at Monachus

You’ll Thrive Here If You

  • Constantly look for ways to improve systems, workflows, and delivery quality

  • Collaborate well and prioritize alignment over ego

  • Can take direction, follow operating systems, and improve them instead of fighting them

  • Move fast without sacrificing quality

  • Take ownership and operate with high accountability

  • Enjoy building scalable processes and improving how work gets done

  • Are curious about new tools and technologies and actively experiment with AI to improve how work gets done

Why Monachus

  • Direct impact with startup founders and leadership teams

  • Real vCISO responsibility and decision-making ownership

  • Small, high-trust team with autonomy

  • Strong focus on quality, structure, and continuous improvement

  • Work that values originality, depth, and thoughtful execution over templates or audit checklists

How to Apply

Send your resume, a short note about your interest in the role, and any relevant links (GitHub, portfolio, LinkedIn) to:

📧 work@monachus.co

Subject: Application - Principal Cybersecurity Consultant

Applications are reviewed on a rolling basis. We review every application. If you're a fit, someone from our team will reach out within 5 business days to introduce themselves and share next steps.
