Security Specialist 0145-2212

Join to apply for the Security Specialist 0145-2212 role at Foilcon 1 day ago Be among the first 25 applicants Get AI-powered advice on this job and more exclusive features. HM Note: This hybrid contract role is two (2) days in office. Candidates' resumes must include first and last name. Description Seeking experienced cybersecurity professionals with practical expertise in Governance, Risk, and Compliance (GRC) solutions to optimize our Vendor Risk Management program and perform third-party vendor assessments while aligning with the business objectives. Experience/skills Required A minimum of seven (7+) years of experience in information security, including working with large security projects Strong communication, interpersonal, and presentation skills for engaging with diverse stakeholders Expertise in security governance, risk management, and compliance, including developing road maps, policies, standards, procedures, and processes Proven experience in contractual security requirements and third-party risk management through RFP processes and vendor evaluations throughout procurement lifecycle Ability to work in cross-functional teams, communicating complex technical information to all levels of the organization, including leadership Proficient in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, OneTrust, Audit Board) Experience with development of security processes, procedures, and standards documentation Strong knowledge of industry standards and regulations such as PCI-DSS, NIST, ISO 27001, and the ability to ensure compliance Strong time management skills and the ability to prioritize project work and ongoing responsibilities Self-motivated with the ability to work independently in a fast-paced environment Proficiency with standard Microsoft Office tools such as Word, Excel, PowerPoint, PowerBI, and Visio Deliverables Lead security and vendor risk assessments, identifying risks and gaps, and developing mitigation strategies for third-party vendors. Conduct detailed assessments of third-party vendors' security domains, communicate findings, and prepare reports for management and stakeholders. Develop and implement cybersecurity governance frameworks, policies, and procedures in collaboration with cross-functional teams. Support audit, compliance, and regulatory requests with thorough documentation and analysis. Collaborate with internal teams and vendors to develop cybersecurity requirements for new solutions, ensuring alignment with security policies and standards. Work with project teams to recommend and implement security controls to address identified risks. Coordinate with Enterprise Architecture, Solution Delivery, Security, and Operations teams to ensure security solutions meet compliance and standards. Identify requirements for policies and standards, and work with relevant teams for creation, review, and approval. Act as a cybersecurity resource for project-based work. Work with project teams to identify and recommend security controls to remediate risks. Ensure ongoing compliance with regulatory requirements and Metrolinx standards. Develop security processes, procedures, governance artifacts, and controls within the Cybersecurity Risk Management and Governance/Compliance Programs. Assist with security audits and threat/risk assessments to ensure policy compliance and work with teams to address security exposures. Provide advice, risk assessments, and technical assistance in implementing security controls for projects. Communicate regularly with cybersecurity teams, stakeholders, and project teams, escalating matters as necessary. Support the implementation of security principles, policies, and standards aligned with industry best practices. Additional Terms Education A current security designation (CISSP, CISM, CCSP, or CISA) Must Haves 7+ years' experience in information security, including large security projects Proven experience in contractual security requirements and third-party risk management Proficient in cybersecurity risk management and third-party risk management tools (e.g., ServiceNow, OneTrust, Audit Board) Strong knowledge of industry standards and regulations such as PCI-DSS, NIST, ISO 27001, and compliance ability Seniority level Mid-Senior level Employment type Contract Job function Other, Information Technology, and Management Industries IT Services and IT Consulting #J-18808-Ljbffr