Employment Type: Part-time (15–20 hrs/week); potential to grow to full-time
Reports to: VP of Engineering
Location: Remote — must be Ontario-based; head office is in Toronto
Target Start: As soon as possible
About Habitat Learn
Habitat Learn is an education technology company focused on making learning accessible for every student.
Our products include Messenger Pigeon, an AI-powered platform for learning, note-taking, and live captioning, and Podium Solution, an on-device classroom accessibility platform designed with privacy and security at its core. Our technology is used by educational institutions including Harvard, UC Berkeley, Yale, the University of Toronto, and Humber Polytechnic to support more inclusive and accessible learning environments.
We are a design-led company with privacy, security, and data sovereignty as core principles. Podium Solution processes audio entirely on-device by design. We also provide Apple hardware to our team to ensure consistency, security, and performance across our workflows.
As we scale across North America, we are formalizing our security and compliance function to support institutional requirements and evolving public-sector standards.
About the Role
This is a newly created role at Habitat Learn for someone early in their career who is eager to take ownership, learn quickly, and grow within a fast-moving EdTech company.
As our first dedicated Security & Compliance Associate, you will support and help strengthen our security and compliance program across multiple frameworks, including SOC 2, ISO 27001, HIPAA, HECVAT, and Texas RAMP.
You will not be working alone. We are currently engaged with the Humber Polytechnic Digital Tech Hub for a cybersecurity assessment, followed by ongoing advisory support. This provides a structured foundation, external expertise, and a clear remediation roadmap. Your role will be to help operationalize and execute this roadmap internally.
You will work closely with the VP of Engineering and engineering leadership to ensure security and compliance requirements are embedded into day-to-day product and infrastructure operations.
What You’ll Do
Compliance & Documentation
- Support ongoing compliance activities across SOC 2, ISO 27001, HIPAA, HECVAT, and TX-RAMP
- Collect, organize, and maintain audit evidence and security documentation
- Help draft and maintain security policies, procedures, and internal standards
- Complete security questionnaires and HECVAT submissions for institutional procurement
- Maintain a compliance tracker and support audit readiness activities
Cybersecurity Assessment Follow-Through
- Review findings from the Humber Digital Tech Hub cybersecurity assessment
- Track remediation tasks and help coordinate follow-up with engineering and leadership
- Support updates to the risk register and documentation of control gaps and resolutions
- Act as an internal coordinator for progress tracking and reporting
Security Operations Support
- Support user access controls, provisioning, and offboarding processes
- Assist with vendor security reviews and BAA tracking
- Help coordinate internal security awareness and training activities
- Support Apple device management processes (MDM, Apple Business Manager)
Stakeholder Support
- Support responses to customer security reviews and procurement due diligence requests
- Assist in preparing compliance and security status updates for leadership
- Stay informed on relevant privacy and data protection regulations (FERPA, PIPEDA, etc.)
How to Apply
Attach your resume and a short paragraph in the summary section of the application form (a few sentences is fine).
Please include:
- What program you studied
- Any exposure to security, privacy, or compliance work
- Why Habitat Learn interests you
This role is open to candidates across Ontario; however, candidates in other areas can be considered. We have strong ties with Humber Polytechnic but welcome applicants from any relevant program. Applications are reviewed on a rolling basis.
Requirements
What We’re Looking For:
Education
- Recent graduate (within 1–2 years) of a diploma or degree in Cybersecurity, Protection & Security Investigation, IT Security, Network Security, or a related field
- Ontario institutions such as Humber Polytechnic, Seneca Polytechnic, George Brown College, or equivalent programs are strongly welcomed
- Coursework in cybersecurity frameworks, risk management, or privacy law is an asset
Skills & Attributes
- Strong attention to detail and a highly organized approach to documentation
- Clear written communication skills (policy writing and institutional responses are key parts of the role)
- Comfortable working independently in a fast-paced, evolving environment
- Curious about security and privacy, with an interest in understanding underlying systems (not just processes)
- Ability to manage multiple priorities and stay structured in a startup setting
Nice to Have
- Exposure to frameworks such as SOC 2, ISO 27001, NIST, HIPAA, or similar
- Familiarity with Apple device management or enterprise IT environments
- Entry-level certifications (e.g., CompTIA Security+, ISC2 CC)
- Experience with tools such as Vanta, Drata, Notion, or Jira
- Prior co-op, internship, or volunteer experience in IT, security, or compliance
Benefits
What You’ll Get:
- A meaningful first role with real ownership (not an internship-style support role)
- Direct mentorship from the VP of Engineering and exposure to company leadership
- Structured guidance through the Humber Digital Tech Hub cybersecurity assessment
- Hands-on experience across multiple enterprise compliance frameworks
- Exposure to real institutional procurement and security processes
- A mission-driven product supporting accessibility in education
- Remote Employment
- Health Benefits