Sr. Security Specialist (GRC) (Part-Time)
Back to All Jobs
[social_share]
Our client requires a Senior Security Specialist to support and deliver on multiple initiatives related to Security Governance, Risk and Compliance (GRC) and Cyber Defense Operations. This includes leading multiple initiatives related to security strategy, security audit and compliance requirements and findings, security governance including policies, standards and processes development and security risk management procedures.
Work is remote within the Province of Ontario. The role is Part-Time, working the equivalent of 78 business days for Fiscal Year 2026/2027, and 47 business days in Fiscal Year 2027/2028.
Remote within Ontario
Mandatory Requirements
Mandatory Requirements Include:
- Public Sector experience is a must have
- Minimum 8 years of hands-on experience with IPC (very strong) and OAGO audits.
- Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF, HTRA, and ISO 27001. Risk Assessment, mitigation recommendations and management with a strong focus on identifying vulnerabilities, analyzing potential impacts, and delivering actionable risk mitigation to stakeholders.
- Minimum 5 years of extensive experience with Information security governance, developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards, best practices, and regulatory requirements.
- 5+ years of experience authoring executive-level reports, developing cyber security program and risk registers, and delivering presentations to stakeholders and senior leadership.
Required Skills:
- An understanding of risk assessment methodologies such as HTRA and CSF, and frameworks such as NIST and ISO 27001/2.
- Knowledge and experience developing and working with security architecture, and IT management frameworks such as SABSA, and CoBIT.
- Strong knowledge and demonstrated experience working with compliance and audit frameworks including PHIPA, SOC 2 TII, OAGO audits.
- Hands on experience with IPC triennial audits
- Technical writing expertise and demonstrated knowledge and experience in developing Information security policies and standards in alignment with PHIPA, IPC requirements and industry standards.
- Strong understanding and ability to interpret and communicate risk management concepts.
- Good experience & knowledge of TRA methodologies and other risk assessment methodologies and tools, and familiarity with related security tests and test methodologies
- Deep understanding of typical security threats, vulnerabilities and safeguards relevant to IT systems.
- Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
- Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
- Experience and working knowledge of risk management lifecycle, processes, and concepts.
- Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
Desirable Requirements
- 10+ years’ experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC)
- Bachelor’s or Master’s degree in Computer Science, Information Technology, Cyber Security, Systems or other related field, or equivalent work experience.
- Professional certifications in information/cyber security (e.g. CISSP, CCSP, CISA, CISM, CRISC) is required.
- Knowledge of prevalent industry standards (ISO 27001/27002, NIST, CIS, COBIT)
Job Posting ID: 56952
Location: Remote within Ontario
Estimated Starting Date: Aug 17, 2026
Estimated End Date: till Aug 13, 2027 + pos. extension
Posting Closing Date: July 23, 2026
Apply for this Job Posting
Fill in the form below to submit your application for this position.
