Our Client is seeking two Senior Security Specialists with extensive experience in Threat Risk Assessments (TRA), threat modeling, vulnerability assessment, and security risk management.
The successful candidates will support the growth and maturity of the Security Risk Management and Information Security Office by conducting end-to-end risk assessments, identifying security risks, developing threat models, and recommending mitigation strategies aligned with industry standards and regulatory requirements.
Key Responsibilities
Conduct comprehensive Threat Risk Assessments (TRAs) across systems, applications, business processes, and organizational assets.
Identify, evaluate, and prioritize security threats and vulnerabilities.
Develop and apply threat modeling methodologies to assess risk exposure.
Analyze the likelihood and impact of security threats and risk scenarios.
Maintain risk registers and document identified risks, owners, and remediation plans.
Produce detailed assessment reports and executive-level summaries.
Collaborate with business and technical stakeholders to understand risk tolerance and business objectives.
Recommend practical mitigation and remediation strategies.
Support security governance, audit, compliance, and risk management initiatives.
Ensure alignment with organizational, regulatory, and industry security standards.
Contribute to continuous improvement of security risk management practices and frameworks.
Stay current with emerging cybersecurity threats, vulnerabilities, and best practices.
Mandatory Qualifications (10 Years)
Candidates must demonstrate:
Deep knowledge of risk management frameworks such as:
ISO 31000
NIST Risk Management Framework (RMF)
Strong experience with threat modeling methodologies such as:
STRIDE
DREAD
Expertise in:
Threat identification and analysis
Vulnerability assessment
Risk prioritization across cyber, physical, and operational environments
Strong analytical and risk assessment capabilities including:
Risk assessment matrices
Risk scoring methodologies
Excellent communication and reporting skills with experience presenting findings to:
Technical teams
Senior leadership
Executive stakeholders
Knowledge of legal, regulatory, and compliance requirements including:
PHIPA/PHIPAA
Industry security standards
Ability to proactively identify emerging threats and adapt to changing risk landscapes.
Desired Skills & Experience
Risk Management & Assessment (10-15 Years)
Conducting TRAs using frameworks such as:
ISO 31000
NIST RMF
FAIR
Threat Modeling (10-15 Years)
Experience with:
STRIDE
PASTA
MITRE ATT&CK
Creation of:
Data flow diagrams
Attack trees
Threat models
Information Security Governance (7 Years)
Strong understanding of:
ISO 27001
NIST Cybersecurity Framework (CSF)
CIS Controls
Communication & Reporting (10 Years)
Executive reporting
Technical documentation
Risk registers
Stakeholder presentations
Key Deliverables
The consultant will be expected to produce:
Threat Risk Assessment (TRA) Reports
Risk Registers
Threat Modeling Diagrams
Risk Assessment Matrices
Asset Inventory and Classification Documentation
Vulnerability Assessment Reports
Security Gap Analysis Reports
Mitigation and Remediation Plans
Executive Summaries
Compliance Mapping Documentation
Stakeholder Presentation Decks