Clio is the global leader in legal AI technology, empowering legal professionals and law firms of every size to work smarter, faster, and more securely.
We are transforming the legal experience for all by bettering the lives of legal professionals while increasing access to justice.
Summary:About the TeamCorpSec is transitioning and growing at Clio, into a focused mission-driven function within the organization. Security systems and practices are already in place, this role will be responsible for adopting and unifying the systems, communication, and oversight of security systems from across IT Systems, Application Security, and Compliance. Build upon the existing trust within the organization, define a unified approach, configure, formalize the program in accordance to Compliance requirements. This role is available to candidates across Canada, excluding Quebec. If you are local to one of our hubs (Burnaby, Calgary, or Toronto) you will be expected to be in office minimum twice per week on one of our Anchor Days.
Your team will work closely with the IT Systems, Application Security, People, Compliance, and IT Services teams to ensure appropriate security coverage in detection, response, and establishing non-adversarial techniques.
About the RoleThis role is established for the purpose of driving the cybersecurity definitions and posture across our fleet and systems — leading investigations, owning incident response end-to-end, and improving the operational quality of how we detect and respond to threats. You will protect Clio from internal and external threats, accidental and intentional.
As Senior CorpSec Analyst, you are both a senior operator and a project lead. You own detection and response work end-to-end, lead high-severity incidents, and raise the quality and velocity of how the team operates. You stay hands-on with the tools that matter — DLP, EDR, phishing, SIEM, SSO — and you turn ambiguous patterns into runbooks, automations, and durable improvements.
The successful candidate is a force-multiplier. They recognize the importance of resolving incidents and closing tickets, they are also the person within the team that makes the teams an processes around them better. You coach junior analysts, lead high-severity investigations, and partner with adjacent teams to close gaps that no single team owns. Familiarity and proficiency with AI tooling is expected; you will help define how we use it in detection and response responsibly. Where there may be a built up pain tolerance to inefficiencies or legacy processes, you learn to understand them and propose updates or rewrites when the base objective is no longer being met.
What You'll DoBuild & Run — Technical & Operational
The role has senior technical expectations, including raising the operational bar of the team.
Lead investigations and incident response for medium- and high-severity security events — phishing campaigns, insider risk, compromised accounts, data-loss concerns — owning the response from triage through resolution and post-incident review.
Own detection engineering across the corporate security stack — tune DLP, EDR, phishing templates, remediations, and SSO/IdP signals; build correlation rules; reduce false-positive rates without sacrificing coverage.
Drive root-cause analysis after incidents and near-misses, then translate findings into durable runbook, control, and tooling changes.
Build and maintain automations and integrations that move work left — auto-remediation playbooks, signal enrichment, evidence collection pipelines.
Define, document, and evolve internal incident response playbooks for insider threat, compromised device, and data-loss scenarios.
Partner with the Manager, CorpSec on tooling decisions — evaluate, configure, and operate platforms across EDR, DLP, phishing, SIEM, and SOAR.
Tune and evolve security tooling for AI detection — address risks of unauthorized data movement, agentic workflows, and the lethal trifecta.
Drive correlation and visibility capability across Clio's security stack so detection and investigation stay timely as the company continues to grow.
Lead & Improve — Team & Cross-Functional
Act as incident commander on high-severity events — coordinate response across respective teams, as needed; communicate clearly to stakeholders during and after.
Raise the operational bar of the team — coach junior analysts, review their investigations, share patterns and gotchas, and write documentation, scripts, and/or automations for others to learn from.
Identify operational health problems before they become incidents — propose, prioritize, and execute the work to close gaps.
Drive cross-team initiatives that no single team owns — DLP policy refinement, MDM coverage, audit log centralization, AI tooling guardrails.
Support security compliance requirements for SOC 2, ISO 27001, GovRAMP, and PCI-DSS — own and design technical evidence pipelines, not just one-off collection.
Maintain Clion trust by communicating transparently and proportionately — we design to protect, not to surveil.
5–8 years of hands-on experience in security operations, detection engineering, or incident response.
Deep hands-on experience with at least three of: EDR, DLP, Phishing platforms, SIEM, or Google Workspace security controls — you've configured, tuned, and operated them in production.
Demonstrated experience leading security incidents end-to-end — you've been the incident commander, not just a contributor.
Track record of root-cause investigation — you fix the problem, not the symptom, and translate the fix into a durable control or automation.
Strong written communication — your runbooks, post-incident reviews, and decisions are easy to follow for engineers outside CorpSec.
Demonstrated ability to coach or mentor more junior analysts — you raise the bar of those around you, not just your own.
Comfort with ambiguity — you can take an open-ended problem ("our DLP signal-to-noise is bad") and produce a concrete, prioritized plan.
A healthy curiosity to look for the why and fix the problem rather than the symptom.
Experience using, observing, and securing AI systems, platforms, and agents.
Growth mindset when it comes to process improvement and new technologies, especially AI.
Experience designing or operating SIEM or detection-as-code pipelines.
Experience contributing to security compliance programs including SOC 2, ISO 27001, GovRAMP, or FedRAMP.
Scripting fluency (Python, Bash, PowerShell) for automating investigation, evidence collection, and remediation.
Industry certifications such as CISSP, CISM, GCIH, GCIA, or CompTIA Security+.
Comfortable jumping onto due-diligence calls if Compliance requires assistance with customer Risk Interviews.
You're a force multiplier — when you're on a project, the whole team gets better.
You lead with calm under pressure — when an incident lands, people feel the response tighten, not panic.
You document decisions for the engineer who comes after you — your runbooks outlive the on-call rotation that wrote them.
You're principled about the visibility-trust tension — you treat security communication as a trust-building exercise.
You're energized by improving systems, not just operating them — you leave every tool, runbook, and process measurably better than you found it.
#LI-Remote
This is a new role.What you will find here:
Compensation is one of the main components of Clio’s Total Rewards Program. We have developed a series of programs and processes to ensure we are creating fair and competitive pay practices that form the foundation of our human and high-performing culture.
Some highlights of our Total Rewards program include:
Competitive, equitable salary with top-tier health benefits, dental, and vision insurance
Hybrid work environment, with expectation for local Clions (Vancouver, Calgary, Toronto, Dublin, London, New York City and Sydney) to be in office min. twice per week.
Flexible time off policy, with an encouraged 20 days off per year.
$2000 annual counseling benefit
RRSP matching and RESP contribution
Clioversary recognition program with special acknowledgement at 3, 5, 7, and 10 years
*Our salary bands are designed to reflect the range of skills and experience needed for the position and to allow room for growth at Clio. For experienced individuals, we typically hire at or around the midpoint of the band. The top portion of the salary band is reserved for employees who demonstrate sustained high performance and impact at Clio. Those who are new to the role may join below the midpoint and develop their skills over time. The final offer amount for this role will be dependent on geographical region, applicable experience, and skillset of the candidate.
Diversity, Inclusion, Belonging and Equity (DIBE) & Accessibility
Our team shows up as their authentic selves, and are united by our mission. We are dedicated to diversity, equity and inclusion. We pride ourselves in building and fostering an environment where our teams feel included, valued, and enabled to do the best work of their careers, wherever they choose to log in from. We believe that different perspectives, skills, backgrounds, and experiences result in higher-performing teams and better innovation. We are committed to equal employment and we encourage candidates from all backgrounds to apply.
Clio provides accessibility accommodations during the recruitment process. Should you require any accommodation, please let us know and we will work with you to meet your needs.
Learn more about our culture at clio.com/careers
We're a Human and High Performing AI company, meaning we use artificial intelligence to improve all of our operations. In recruitment, AI helps us streamline the process for greater efficiency. However, we've built our systems to ensure that a human always reviews AI-generated output, and we never make automated hiring decisions.
Disclaimer: We only communicate with candidates through official @clio.com email addresses.
Clio Toronto, Ontario, CAN Office
330 Bay Street #1000, Toronto, Ontario, Canada, M5H 2S8

.png)

