Security Specialist 0390-1217

Foilcon


Job Location:

Toronto - Canada

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

HM Note: This hybrid contract role is two (2) days in office. Candidates resumes must include first and last name.

Description
Background Information
  • This engagement involves leading the end-to-end execution of a Threat Risk Assessment (TRA) to evaluate the security posture of the information system, its application infrastructure, and the business process it supports.
  • The objective is to identify potential threats, assess vulnerabilities, and determine the likelihood and impact of various risk scenarios affecting confidentiality, integrity, and availability.

Key activities included:
  • Scoping the assessment in collaboration with business and technical stakeholders.
  • Conducting structured risk analysis using recognized frameworks such as ISO 31000, NIST RMF, or FAIR.
  • Performing threat modeling (e.g. STRIDE, MITRE ATT&CK) to map potential attack vectors and security gaps.
  • Reviewing system architecture, data flows, and existing controls.
  • Assessing compliance with relevant regulatory and organizational security requirements.
  • Documenting findings in a detailed TRA report including risk ratings and actionable mitigation recommendations.
  • Presenting results to executive leadership and supporting integration of risk treatments into the broader security strategy.

Must haves:
  1. In-depth knowledge of risk management frameworks (e.g. ISO 31000, NIST RMF Risk Management Framework) and threat modelling methodologies (e.g. STRIDE, DREAD).
  2. Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
  3. Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
  4. Proficiency with risk assessment matrices.
  5. Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
  6. Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g. PHIPA - Personal Health Information Protection Act).
  7. Proactive mindset and situational awareness to anticipate and adapt to emerging threats in a dynamic risk environment.

Responsibilities:
  • Lead end-to-end Threat Risk Assessment (TRA) initiatives across systems, processes, and assets.
  • Develop and apply threat models to assess organizational security posture.
  • Collaborate with stakeholders to align assessments with business objectives and risk tolerance.
  • Analyze vulnerabilities and assess threats to determine likelihood and potential impact.
  • Produce detailed TRA reports documenting findings, recommendations, and risk ratings.
  • Maintain risk registers and track remediation efforts.
  • Propose actionable mitigation strategies based on assessment outcomes.
  • Ensure alignment with:
      • Regulatory requirements
      • Industry standards
      • Organizational security policies
  • Communicate findings effectively to both technical teams and executive leadership.
  • Support audit and compliance activities as needed.
  • Contribute to the continuous improvement of risk management frameworks and methodologies.
  • Stay informed on emerging threats, vulnerabilities, and security best practices.

Desired Skills:
  • Demonstrated expertise in enterprise risk analysis, with a solid background in applying risk management frameworks such as ISO 31000, FAIR, and NIST RMF to identify, evaluate, and prioritize organizational security risks.
  • Hands-on experience conducting structured threat analysis using methodologies like STRIDE, PASTA (Process for Attack Simulation and Threat Analysis), and MITRE ATT&CK. Familiarity with creating threat models, mapping attack surfaces, and visualizing system flows to uncover security weaknesses.
  • Strong command of cybersecurity governance practices, including the development and enforcement of information security policies and standards. Practical understanding of how to align internal controls with recognized frameworks like ISO 27001, NIST CSF, and the CIS Critical Security Controls.
  • Proven ability to translate technical risk findings into clear business language, producing high-quality documentation such as executive summaries, detailed risk reports, and stakeholder presentations. Skilled in managing communication between technical teams and leadership to drive informed decision-making.

Required Skills:
  • Risk Management & Assessment (5-7 years): Proven experience in conducting threat risk assessments using frameworks like ISO 31000, NIST RMF, or Factor Analysis of Information Risk (FAIR).
  • Threat Modeling (3-5 years): Practical knowledge of threat modeling techniques (e.g. STRIDE, PASTA, MITRE ATT&CK), including development of data flow diagrams and attack vectors.
  • Information Security Governance (5 years): Strong understanding of security policies, standards, and controls aligned with ISO 27001, NIST CSF, and CIS Controls.
  • Communication & Reporting (5 years): Skilled in writing technical and executive-level reports and risk registers, and in presenting to stakeholders and leadership.

Required Experience / Evaluation Criteria:
  • 5-7 years of hands-on experience with threat modeling techniques such as STRIDE, PASTA, and MITRE ATT&CK, including the development of data flow diagrams and identification of attack vectors to inform secure design decisions and guide risk mitigation strategies across systems and applications: 20 points
  • 5-7 years of experience conducting comprehensive threat and risk assessments using frameworks such as ISO 31000, NIST RMF, and FAIR, with a strong focus on identifying vulnerabilities, analyzing potential impacts, and delivering actionable risk mitigation strategies to stakeholders: 20 points
  • 5-7 years of extensive experience with security controls and architecture, with a strong ability to identify gaps between the current security posture and industry standards, best practices, and regulatory requirements: 40 points
  • Over 5 years of experience authoring technical and executive-level reports, developing risk registers, and delivering presentations to stakeholders and senior leadership: 20 points
Total evaluation criteria: 100 points

Deliverables
Deliverables include, but are not limited to:
  • TRA (Threat Risk Assessment) Report: A comprehensive document outlining identified threats, vulnerabilities, risks, and proposed mitigation strategies tailored to the organization's context.
  • Risk Register: A structured log of all identified risks, including severity, likelihood, risk rating, responsible owners, and mitigation actions.
  • Threat Modeling Diagrams: Visual representations of systems, data flows, and potential threat vectors using models like STRIDE or attack trees.
  • Risk Assessment Matrix: A visual tool mapping the likelihood and impact of risks to prioritize them effectively.
  • Asset Inventory & Classification: A list of assets in scope (e.g. systems, applications, data) categorized by value and sensitivity.
  • Vulnerability Assessment Results: A summary of technical vulnerabilities discovered during the assessment, often with outputs from tools like Nessus or OpenVAS.
  • Gap Analysis: Identification of discrepancies between the current security posture and industry standards, best practices, or regulatory requirements.
  • Mitigation & Remediation Plan: Detailed action plans with timelines and responsibilities for reducing identified risks to acceptable levels.
  • Executive Summary: A high-level summary tailored for senior leadership, focusing on key findings, business impact, and strategic recommendations.
  • Compliance Mapping: Documentation showing how risks and controls align with regulatory or standards frameworks (e.g. NIST, ISO 27001, SOC 2).
  • Presentation Deck: Slide-based briefing to communicate findings, risks, and recommendations to stakeholders in a clear and digestible format.

Knowledge Transfer Details:
  • The resource will ensure full knowledge transfer is provided to the Ontario Health team before the end of the engagement. Some of this might occur at the end of the engagement, but information will also be shared as it is obtained/consolidated. Key deliverables will be shared with the team.
  • The resource must provide all related documentation as part of the knowledge transfer protocol. Documents will be reviewed by the appropriate leads and signed off by the manager/director.
  • The resource will work collaboratively with the Ontario Health team throughout the assignment and ensure key deliverables, milestones, and documentation are shared.
  • A walkthrough of any demos, development, etc. will be required before the end of the engagement.


Must Haves:
  1. 5-7 years of experience with risk management frameworks (e.g. ISO 31000, NIST RMF Risk Management Framework) and threat modelling methodologies (e.g. STRIDE, DREAD).
  2. 5-7 years of experience identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
  3. 5-7 years of experience assessing potential impacts and likelihoods of various threat scenarios.

Nice to have:
  • Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g. PHIPA - Personal Health Information Protection Act).

Key Skills

  • CCTV
  • Low Voltage
  • Network Management
  • IDS
  • Computer Networking
  • Field Service
  • ICD Coding
  • Military Experience
  • Security
  • Security System Experience
  • Information Security
  • Troubleshooting