On-siteFull Time

Salary

$117.33 / hr

Location

Regent Park, ON

Regent Park, Ontario M5A 3N7

Posted

Jul 17, 2026

Role overview

Our Client is seeking a Senior Security Specialist to support Information Security Office. The consultant will lead initiatives across security governance, risk and compliance, cyber defence operations, security audits, policy development, risk assessments, and regulatory compliance.

Key Responsibilities

Conduct comprehensive Threat and Risk Assessments using HTRA, NIST CSF, ISO 27001/27002, and other recognized methodologies.
Identify security vulnerabilities, assess threat likelihood and business impact, and provide actionable risk-mitigation recommendations.
Develop and maintain information security policies, standards, procedures, and governance processes.
Lead and support IPC triennial audits, OAGO audits, PHIPA compliance reviews, and SOC 2 Type II assessments.
Identify gaps between the organization's current security posture and regulatory, industry, and security requirements.
Develop cybersecurity strategies, risk registers, governance frameworks, and security program performance reports.
Support the implementation of a new enterprise Governance, Risk and Compliance platform.
Review Threat and Risk Assessments, vulnerability assessment reports, penetration-testing reports, and other security documentation.
Prepare executive-level reports and deliver findings, recommendations, and risk-mitigation strategies to senior leadership.
Collaborate with technical teams, business stakeholders, auditors, and executives throughout security and compliance initiatives.
Provide complete documentation, knowledge transfer, and walkthroughs before the end of the engagement.

Mandatory Requirements

Minimum 8 years of strong, hands-on experience with IPC and OAGO audits.
Minimum 5 years of experience conducting comprehensive Threat and Risk Assessments using HTRA, NIST CSF, and ISO 27001.
Minimum 5 years of experience in information security governance, including the development of policies, standards, processes, and procedures.
Minimum 5 years of experience developing executive reports, cybersecurity programs, risk registers, and presentations for senior leadership.
Strong experience with PHIPA, SOC 2 Type II, IPC, and OAGO compliance and audit requirements.
Demonstrated public-sector experience.
Strong knowledge of risk assessment, risk treatment, mitigation planning, and the risk-management lifecycle.
Excellent technical writing, communication, reporting, and stakeholder-presentation skills.

Preferred Qualifications

10+ years of experience across security governance, GRC, IT audit, third-party risk management, or related security domains.
Bachelor's or Master's degree in Computer Science, Information Technology, Cybersecurity, Systems, or a related field.
Professional security certification such as CISSP, CISM, CISA, CRISC, or CCSP.
Knowledge of ISO 27001/27002, NIST, CIS, COBIT, and SABSA.
Strong understanding of security threats, vulnerabilities, safeguards, testing methodologies, and security architecture.