IT Security & Operations Specialist

Join Riverside Natural Foods Ltd., a $300 million+ Canadian-based, family-owned, and globally operating business, committed to leaving the world better than we found it. As a B-Corp certified, Triple-Bottom Line company, we proudly manufacture nutritious, 'better-for-you' snacks such as MadeGood and GOOD TO GO. We value teamwork, humility, respect, ownership, adaptability, grit, and fun.

We're on an ambitious mission to double our business by 2027, and we need talented individuals like you to help us reach new heights. At Riverside, you'll have the opportunity to chart your own path to success while contributing to ours. We believe anything worth doing is worth doing right, and our values will guide us through the rugged terrain – and yes, it will get rough. But that's what makes the journey worthwhile.

So, lace up your boots and let's tackle the climb together.

You can learn more about us at www.riversidenaturalfoods.com.

• *Job Description**
• *Position:**

IT Security & Operations Specialist

• *Department:**

Business Transformation & Technology

• *Reporting To:**

Information Security Manager

• *Last Revised:**

March 3, 2026

• *Approved** **By:**

Ning Dong

• *The Opportunity:**

As a family owned and led company, Riverside Natural Foods ("Riverside" or the "Company") has the freedom to pursue our founders' vision of being a values-based and purpose driven food company that puts people first – our employees, our consumers, our partners, and our communities. Our purpose of "inspiring a healthier and more compassionate world" starts within our four walls and extends well beyond them to include everyone we can positively impact through our products, our business, and our relationships.

Continued rapid growth, fueled by our focus on building a bigger, more capable, more productive, and more responsible business, has created the opportunity to add an IT Security & Operations Specialist role.

• *Position Summary:**

The IT Security & Operations Specialist supports Riverside's cybersecurity operations and selected IT administration activities. This role is responsible for monitoring and responding to security events, administering key Microsoft security controls, supporting phishing and awareness programs, and helping maintain secure identity, endpoint, and collaboration environments. The role also provides hands-on support for selected IT operational processes, including user lifecycle management, endpoint administration, and coordination with Infrastructure and Helpdesk teams. Success in this role requires strong judgment, attention to detail, and the ability to balance security priorities with day-to-day operational support.

• *Primary Responsibilities:**
• Monitor SIEM, EDR, and other security tools for suspicious activity and security alerts.
• Investigate and respond to security incidents, including containment, eradication, and recovery efforts.
• Conduct root cause analysis and maintain detailed incident documentation.
• Track and manage Incident and Change Request SLAs.
• Coordinate and execute phishing simulation campaigns and report on outcomes.
• Ensure end users complete mandatory cybersecurity awareness training and track compliance metrics.
• Provide appropriate phishing response actions, including analysis of spam/phishing emails, reporting, and taking corrective action.
• Implement and maintain security controls, including MFA, encryption, Data Loss Prevention (DLP), and endpoint protection.
• Assist the Information Security Manager with cybersecurity projects and new security implementations or improvements.
• Maintain accurate documentation of policies, procedures, risk assessments, and incident reports.
• Administer and support the Microsoft 365 environment, including core security controls, user administration, Exchange Online, SharePoint, and Teams.
• Manage and maintain Windows Server environments, including Active Directory, Group Policy, DNS, DHCP, and user access management to ensure secure and reliable operations.
• Administer endpoint management solutions such as Microsoft Intune for device provisioning, patch management, software deployment, and security policy enforcement.
• Support identity and access management by configuring Microsoft 365, Microsoft Entra ID, MFA, and SSO integrations while ensuring compliance with IT security policies.
• Deliver the IT security components of the user onboarding and offboarding process, ensuring secure access provisioning and deprovisioning.
• Collaborate with IT Infrastructure and Helpdesk teams to strengthen cybersecurity operations and overall IT resilience.
• Support continuous improvement initiatives related to cybersecurity posture and compliance.

•