Senior Security Specialist

Senior Security Specialist – Governance, Risk & Compliance (GRC) / Cyber Defence

Location:
Toronto, ON (Hybrid – up to 3 days onsite)

Contract Length: 2-3 months to start
(with potential extension)

Sector:
Public Sector / Healthcare

A leading
public-sector organization in Ontario
is seeking a highly experienced
Senior Security Specialist
to support multiple initiatives across
Security Governance, Risk & Compliance (GRC), and Cyber Defence Operations
. This role will act as a
subject matter expert
in security risk management, policy development, compliance, and audit readiness, while contributing to the ongoing maturity of the enterprise security program.

This opportunity is ideal for a senior-level security professional with deep expertise in
risk assessment frameworks, compliance and audit standards, and security governance
, who thrives in collaborative, high-impact environments.

Key Responsibilities

• Act as a
  security subject matter expert
  across multiple security risk management initiatives, including conducting and facilitating
  Threat and Risk Assessments (TRA)
  .
• Analyze proposed solution architectures, system designs, and IT development processes to identify security threats, vulnerabilities, and risks.
• Evaluate and interpret assessment reports based on
  NIST Cybersecurity Framework (CSF)
  and other recognized standards.
• Develop and recommend
  risk mitigation strategies
  aligned with enterprise risk tolerance and regulatory requirements.
• Lead and contribute to
  security governance activities
  , including development and maintenance of security policies, standards, procedures, and processes.
• Coordinate with internal and external stakeholders to implement security controls and address audit findings.
• Track security control implementation to ensure compliance with applicable regulations and audit frameworks.
• Support and contribute to the evolution of the organization's
  cybersecurity strategy, governance, and assurance practices
  .
• Deliver presentations and security briefings to technical teams, business stakeholders, and senior leadership.
• Guide
  offensive security practices
  , methodologies, tools, and processes.
• Stay current on evolving industry best practices, security frameworks, and legislative requirements, assessing impacts to the organization.
• Utilize strong communication, negotiation, and conflict-resolution skills to align stakeholders with differing priorities.

Required Qualifications & Experience

• 7+ years of experience
  in security risk management models for assessing and mitigating risk exposure.
• Extensive experience conducting
  Threat and Risk Assessments
  using frameworks such as:
• NIST CSF (including CSF 2.0)
• HTRA (Harmonized Threat Risk Assessment)
• ISO 27001 / ISO 27002
• Strong experience analyzing security assessment reports and translating findings into actionable recommendations.
• Proven experience in
  security governance
  , including developing policies, standards, processes, and procedures.
• Hands-on experience working with
  compliance and audit frameworks
  , including:
• PHIPA
• SOC 2 Type II
• Information Privacy Commissioner (IPC) audits
• Ontario Auditor General's Office (OAGO) audits
• Deep understanding of security threats, vulnerabilities, and safeguards across applications, infrastructure, and enterprise environments.
• Strong analytical and risk communication skills, with the ability to present complex concepts to both technical and executive audiences.
• Experience with security and IT management frameworks such as
  SABSA
  and
  COBIT
  .
• Demonstrated ability to work collaboratively, lead initiatives, and influence cross-functional teams.

Desired Qualifications

• 10+ years of experience
  across security domains such as GRC, IT audit, cyber defence, or third-party risk management.
• Bachelor's or Master's degree in Computer Science, Information Technology, Cyber Security, or a related field (or equivalent experience).
• Professional security certifications
  required (one or more):
• CISSP
• CISM
• CISA
• CRISC
• CCSP
• Experience in public sector or healthcare environments (asset).

If you are a senior security professional with a passion for
risk management, compliance, and strengthening enterprise security programs
, this role offers a high-impact opportunity to contribute to meaningful public-sector initiatives. If interested, apply to the job posting directly or send your resume to for immediate consideration.