RQ00414 Security Specialist Senior

Cleo Consulting


Job Location:

Toronto - Canada

Monthly Salary: Not Disclosed
Posted on: 22-10-2025
Vacancies: 1 Vacancy

Job Summary

Assignment: RQ00414 - Security Specialist - Senior
Start Date:
End Date:
Office Location: 525 University Avenue Toronto
Account: Ontario Health
Department: Digital Excellence in Health
# Business Days: 120.00
Location: Up to 5 days onsite (subject to change)

Public Sector Experience: Nice to Have
Must Haves:
  • 5 years' experience conducting comprehensive security Threat and Risk Assessments (TRA) using frameworks such as NIST CSF, HTRA and ISO 27001; risk assessment mitigation recommendations and management, with a strong focus on identifying vulnerabilities, analyzing potential impacts and delivering actionable risk mitigation to stakeholders; risk management models such as the FAIR model.
  • 5 years' experience in risk management models for assessing and mitigating various aspects of risk exposure.
  • 5 years' experience in risk assessment methodologies such as HTRA and NIST CSF, and frameworks such as ISO 27001/2.
  • 5 years' experience as an adept team player who is action-oriented, with a record of accomplishment in motivating other team members to achieve higher goals.
Description
Background Information
  • The purpose of this request is to acquire a Sr. Security Specialist to support the on-boarding of various Health Information Custodians (HICs) and health services providers (pharmacies, hospitals, health teams and private Home Care Service Delivery Providers (SPO)) for contributing to / viewing Electronic Health Records.
  • Security risk assessments will be performed before on-boarding to provide the required services.
  • Review / analysis of the security documentation provided by the various organizations to comply with Ontario Health information security standards.
  • This procurement will also assess the cyber security risk of service provider organizations that hold existing services with Ontario Health.
Must haves:
  • Experience in risk management models for assessing and mitigating various aspects of risk exposure.
  • Analysis of assessment reports based on NIST CSF.
  • Risk assessment methodologies such as HTRA and NIST CSF, and frameworks such as ISO 27001/2.
  • An adept team player who is action-oriented, with a record of accomplishment in motivating other team members to achieve higher goals.
Responsibilities:
  • Take a subject matter expert role in various security risk management initiatives, providing security expertise, facilitating collaboration and performing risk assessments for various projects / products / applications and services within OH and external vendors using NIST CSF.
  • Analyze proposed solution architectures, technology designs and IT development processes to identify potential threats and vulnerabilities, and recommend options that enhance the security of solutions and business processes. Identify, analyze and recommend options for risk management at appropriate levels within the enterprise and the health care sector.
  • Present topic areas and relevant security materials to product and digital solution groups.
  • Consult with members and teams in Ontario Health to implement recommended security policies and related controls.
  • Track security control implementation and work through risk treatment plans.
  • Coordinate internal and external information security initiatives as a subject matter expert to reach feasible security solutions for issues across the health care sector.
  • Take a leading role in offensive security practices and provide guidance to the teams on methodologies, tools and processes.
  • Contribute to the ongoing development and maturing of the OH security program, consulting and assurance practices.
  • Demonstrate the ability to effectively negotiate and resolve conflicts with individuals or teams in a professional and collaborative manner.
  • Utilize strong communication and negotiation skills to effectively persuade individuals with differing perspectives and conflicting interests towards a mutually beneficial resolution on a regular basis.
  • Implement tools and processes to manage workflow and materials related to information security risk management.
  • Stay abreast of any changes to industry best practices or legislative regulations and assess the resulting impact on the organization.
  • Deep knowledge of the methodologies, frameworks and processes in the information security domain.
  • Good experience in conducting Threat Risk Assessments using various frameworks / methodologies / standards such as NIST, HTRA and ISO.
  • Risk management models for assessing and mitigating various aspects of risk exposure.
  • Generate risk maps to help guide the risk owners and keep the stakeholders in the communication loop.
Desired Skills:
  • 5 years' experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC).
  • Bachelor's or Master's degree in Computer Science, Information Technology, Cyber Security, Systems or another related field, or equivalent work experience.
  • Professional certifications in information/cyber security (e.g. CISSP, CCSP, CISA, CISM, CRISC) are required.
  • Knowledge of prevalent industry standards (ISO 27001/27002, NIST, CIS, COBIT).
Required Skills:
  • An understanding of risk assessment methodologies such as HTRA and CSF, and frameworks such as NIST and ISO 27001/2.
  • Knowledge and experience developing and working with security architecture and IT management frameworks such as SABSA and COBIT.
  • Strong understanding of risk management concepts and the ability to interpret and communicate them.
  • Good experience and knowledge of TRA methodologies and other risk assessment methodologies and tools, and familiarity with related security tests and test methodologies.
  • Knowledge of a wide variety of information systems and security technologies, including operating system security, LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS, PKI, identity management, identification and authentication techniques, role-based access control, malware defenses, etc.
  • Deep understanding of typical security threats, vulnerabilities and safeguards relevant to application development, test and QA environments and IT (datacenter) operations.
  • Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
  • Experience and working knowledge of risk management lifecycle processes and concepts.
Required Experience / Evaluation Criteria:
  • Minimum 5 years of extensive experience conducting comprehensive security Threat and Risk Assessments (TRA) using frameworks such as NIST CSF, HTRA and ISO 27001; risk assessment mitigation recommendations and management, with a strong focus on identifying vulnerabilities, analyzing potential impacts and delivering actionable risk mitigation to stakeholders; risk management models such as the FAIR model. 30 Points
  • Minimum 5 years of extensive experience with information security controls and architecture, with a strong ability to identify gaps between the current security posture and industry standards, best practices and regulatory requirements. 30 Points
  • Minimum 5 years of hands-on experience with threat modeling techniques such as STRIDE, PASTA and MITRE ATT&CK, and threat profiling in the identification of attack vectors to enable secure design decisions and guide risk mitigation strategies across systems and applications. 20 Points
  • 5 years of experience authoring technical and executive-level reports, developing risk registers and delivering presentations to stakeholders and senior leadership. Working experience in the development of data flow diagrams and the security controls required to protect the data. 20 Points
Total evaluation criteria: 100 Points
Deliverables
Deliverables include but are not limited to:
  • Support the completion of security assessments using tools based on NIST CSF.
  • Risk analysis report for every on-boarding entity.
  • Review of Threat Risk Assessments, VA scan reports, penetration test reports and other security documents.
  • Follow up with clients to complete the documentation.
  • Execute Threat Risk Assessments for new / existing projects and applications.
Additional Terms
Term: The term of this Engagement Assignment is 120 Business Days, with an option to extend for an additional 180 days at Ontario Health's discretion. The Engagement Assignment may also be extended for unused Business Days at Ontario Health's discretion.
The resource will comply with Ontario Health policies and procedures.
Ontario Health systems cannot be accessed from outside the province of Ontario, and Ontario Health assets, including laptops and related equipment, cannot be removed from the province of Ontario without prior written approval from Ontario Health.
Assignment Type: This position is currently listed as Hybrid. The resource under this request will be required to work onsite at the Hiring Manager's sole discretion.
Knowledge Transfer Details:
  • The resource will ensure full knowledge transfer is provided to the Ontario Health team before the end of the engagement. Some of this might occur at the end of the engagement, but information will also be shared as it is obtained/consolidated. Key deliverables will be shared with the team.
  • The resource must provide all related documentation as part of the knowledge transfer protocol. Documents will be reviewed by the appropriate leads and signed off by the manager/director.
  • The resource will work collaboratively with the Ontario Health team throughout the assignment and ensure key deliverables, milestones and documentation are shared.
  • A walkthrough of any demos, development, etc. will be required before the end of the engagement.

Key Skills

  • CCTV
  • Low Voltage
  • Network Management
  • IDS
  • Computer Networking
  • Field Service
  • ICD Coding
  • Military Experience
  • Security
  • Security System Experience
  • Information Security
  • Troubleshooting