Technical Lead, Cyber Security

Location : USA or Canada—Work from home #LI-Remote

About SOVRA

SOVRA is a leading public procurement platform serving over 7,000 government agencies and connecting them with more than 1 million suppliers across North America. SOVRA offers comprehensive, end-to-end solutions tailored for the public sector.

SOVRA's solutions are purpose-built to address the unique challenges of public procurement, ensuring compliance, enhancing efficiency, and promoting transparency. Our commitment to innovation has been recognized with the Achievement of Excellence in Procurement (AEP) Certification from the National Procurement Institute, affirming our platform's adherence to the highest standards in efficiency and vendor accessibility.

By leveraging SOVRA's advanced tools and expansive supplier network, public agencies can optimize every tax dollar spent, drive better procurement outcomes, and deliver exceptional services to their communities.

You can find more info about SOVRA at SOVRA.com

What will your primary responsibilities look like?

In this role, you will be led to :

• Lead audit readiness and annual cycles for SOC 2 Type 2, PCI DSS, and FISMA RMF.
• Plan, run, and close out internal and external audits, including evidence strategy, control walkthroughs, and remediation tracking.
• Operate and continuously improve the customer trust portal, including curating artifacts and meeting SLAs for security questionnaires.
• Run vulnerability management across cloud, endpoints, applications, and containers with measurable risk reduction.
• Develop vulnerability metrics that demonstrate coverage, effectiveness, and remediation time to present to leadership.
• Maintain the control inventory and map controls to frameworks and obligations, including NIST SP 800 53, FedRAMP, GovRAMP, PCI DSS, and FISMA.
• Drive policy and standard lifecycle, including authorship, reviews, approvals, and rollout.
• Risk management, including register hygiene, assessments, and treatment plans.
• Partner with Legal, Privacy, Engineering, IT, and Product to meet regulatory and contractual obligations.
• Coordinate incident response readiness runbooks, tabletop exercises, and post-incident improvements.
• Influence architecture and SDLC to embed security by design and automation-first practices.
• Coordinate security awareness activities for internal users on best practices.
• Manage vendor third-party risk management due diligence, contractual requirements, and monitoring.
• Ensure that identity and access management standards are consistently respected across all systems.

What elements of your professional background will be necessary and useful in this role?

What are the assets that would make you stand out?

I appreciate your interest in SOVRA . However, only selected candidates will be contacted.

At SOVRA , we are committed to fostering an inclusive and equitable workplace. We are an equal opportunity employer and do not discriminate against any employee or applicant for employment based on race, colour, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, marital status, veteran status, or any other characteristic protected by applicable laws. We provide a work environment free from discrimination and harassment. In addition, we are committed to ensuring pay equity across our organization and regularly review our compensation practices.

SOVRA , through its wholly owned subsidiary International Data Base Corp., doing business as BidNet, participates in E-Verify. If selected for employment, you will be required to provide your Form I-9 information to confirm that you are authorized to work in the United States.

SOVRA a través de su subsidiaria de propiedad total International Data Base Corp., que opera bajo el nombre comercial BidNet, participa en E-Verify. Si es seleccionado para empleo, se le solicitará proporcionar la información de su Formulario I-9 para confirmar que usted está autorizado para trabajar en los Estados Unidos.