Security Specialist


Our client requires a security specialist to lead a full end-to-end Threat Risk Assessment (TRA) to evaluate the security posture of complex information systems, applications, infrastructure, and related business processes. Responsibilities include identifying threats, analyzing vulnerabilities, and assessing risk likelihood and impact using industry frameworks such as ISO 31000, NIST RMF, and FAIR. Deliverables include detailed risk ratings, mitigation strategies, and executive-level insights to strengthen overall cybersecurity and regulatory compliance.

Work is onsite at client location in Toronto, ON.

Responsibilities
  • Conducting comprehensive Threat Risk Assessments across systems, applications, infrastructure, and business processes using frameworks such as ISO 31000, NIST RMF, and FAIR.
  • Performing threat modeling (STRIDE, MITRE ATT&CK), architecture reviews, data flow analysis, and security control evaluation to identify attack vectors and gaps.
  • Analyzing vulnerabilities, risk scenarios, and compliance requirements, producing detailed TRA reports, risk registers, and mitigation recommendations.
  • Developing artifacts including threat modeling diagrams, risk assessment matrices, asset classifications, vulnerability summaries, and gap analyses.
  • Presenting findings to technical stakeholders and executives, supporting integration of remediation plans into broader security strategy and risk management frameworks.
  • Supporting audit and compliance efforts while contributing to continuous improvement of security governance, risk methodologies, and organizational cybersecurity practices.
Mandatory Requirements
  • 8+ years of expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
  • 8+ years of strong analytical skills in assessing the potential impacts and likelihoods of various threat scenarios.
  • 8+ years of familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPA, the Personal Health Information Protection Act).
  • 8+ years of a proactive mindset and situational awareness to anticipate and adapt to emerging threats in a dynamic risk environment.
  • In-depth knowledge of risk management frameworks (e.g., ISO 31000, NIST RMF (Risk Management Framework)) and threat modelling methodologies (e.g., STRIDE, DREAD).
  • Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
  • Proficiency with risk assessment matrices.
  • Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
Desirable Requirements
  • Public sector experience.
  • Demonstrated expertise in enterprise risk analysis, with a solid background in applying risk management frameworks such as ISO 31000, FAIR (Factor Analysis of Information Risk), and NIST RMF to identify, evaluate, and prioritize organizational security risks.
  • Hands-on experience conducting structured threat analysis, utilizing methodologies like STRIDE, PASTA (Process for Attack Simulation and Threat Analysis), and MITRE ATT&CK. Familiarity with creating threat models, mapping attack surfaces, and visualizing system flows to uncover security weaknesses.
  • Strong command of cybersecurity governance practices, including the development and enforcement of information security policies and standards. Practical understanding of how to align internal controls with recognized frameworks like ISO 27001, NIST CSF, and the CIS Critical Security Controls.
  • Proven ability to translate technical risk findings into clear business language, producing high-quality documentation such as executive summaries, detailed risk reports, and stakeholder presentations. Skilled in managing communication between technical teams and leadership to drive informed decision-making.

Job Posting ID: 56709

Location: Toronto, Ontario (Onsite)

Estimated Starting Date: Apr 1, 2026

Estimated End Date: Mar 31, 2027

Posting Closing Date: March 20, 2026
