Job Description
Senior Cyber Security Specialist – Threat Risk Assessment (TRA), Threat Modeling & Risk Management (2 Positions)
Toronto, Ontario, Canada (On-Site/Hybrid)
$80.00–$125.00 per hour (Incorporated Contractor)
195 Business Day Contract (Extension Possible)
Canadian Citizens and Permanent Residents Only; 10 years plus in Canada; Full Background Check Required
Immediate Opportunity for Senior Cybersecurity Professionals
We are seeking two experienced Senior Cyber Security Specialists with expertise in Threat Risk Assessment (TRA), Threat Modeling, Vulnerability Assessment, Security Risk Management, Information Security Governance, Gap Analysis, and Regulatory Compliance.
The successful candidates will support a high-profile public sector cybersecurity initiative by identifying, assessing, and mitigating security risks across enterprise applications, infrastructure, business processes, and information assets. This role requires deep experience with NIST RMF, ISO 31000, ISO 27001, NIST CSF, CIS Controls, STRIDE, PASTA, MITRE ATT&CK, vulnerability management, and security governance frameworks.
Top Skills & Keywords
Threat Risk Assessment (TRA)
Threat Modeling (STRIDE, PASTA, DREAD, MITRE ATT&CK)
Cyber Risk Management
Information Security Governance
Vulnerability Assessment
Gap Analysis
Risk Registers
NIST RMF
NIST Cybersecurity Framework (CSF)
ISO 31000
ISO 27001
CIS Controls
Security Compliance
PHIPA Compliance
Security Architecture Reviews
Security Controls Assessment
Executive Reporting
Risk Mitigation Planning
What You’ll Do
Conduct enterprise Threat Risk Assessments (TRA) for applications, systems, cloud services, infrastructure, and business processes.
Develop threat models and attack path analyses using recognized methodologies.
Identify, assess, and prioritize cyber threats, vulnerabilities, and business risks.
Perform security gap assessments against NIST, ISO 27001, CIS Controls, and regulatory requirements.
Develop risk registers, mitigation plans, remediation roadmaps, and executive summaries.
Collaborate with security architects, technical teams, project stakeholders, and senior leadership.
Support audit, compliance, governance, and risk management initiatives.
Deliver actionable recommendations that strengthen the organization’s overall security posture.
Required Experience
10+ years in Cyber Security Risk Management and Threat Risk Assessments.
10+ years conducting Threat Modeling and Security Assessments.
7+ years in Information Security Governance and Compliance.
10+ years preparing executive-level security reports and presentations.
Demonstrated experience with NIST RMF, ISO 31000, ISO 27001, NIST CSF, and CIS Controls.
Experience within healthcare, public sector, or highly regulated environments is considered an asset.
Apply Today
Please submit your resume to:
jim.nickolson@noramtec.com
We thank all applicants for their interest; however, only candidates selected for an interview will be contacted.
