Job Description
Security Specialist – Senior (2 Positions)
Location: Hybrid (Toronto, Ontario, Canada)
Type: Contract
About the Opportunity:
Noramtec is currently seeking two (2) experienced Security Specialists – Senior to join our client’s cybersecurity program in Toronto, Ontario. This is an exciting opportunity to contribute to critical cybersecurity initiatives within a dynamic and fast-paced environment.
Key Responsibilities:
Lead security and vendor risk assessments, identify risks, and develop mitigation strategies for third-party vendors.
Conduct detailed security domain assessments of third-party vendors and deliver findings and reports to management and stakeholders.
Develop and implement cybersecurity governance frameworks, policies, and procedures in collaboration with cross-functional teams.
Provide support for audits, compliance, and regulatory requests with precise documentation and analysis.
Collaborate with internal teams and vendors to define cybersecurity requirements for new solutions, ensuring alignment with standards and policies.
Recommend and implement security controls to address identified risks on project teams.
Work with Enterprise Architecture, Security, Operations, and Solution Delivery teams to ensure security solutions comply with corporate standards.
Assist with the creation, review, and approval of policies, standards, and governance documentation.
Participate in ongoing compliance activities and threat/risk assessments, ensuring regulatory and policy adherence.
Experience & Skills Required:
A minimum of 7 years of experience in information security, including involvement with large-scale security projects.
Expertise in security governance, risk management, and compliance, including developing roadmaps, policies, procedures, and standards.
Strong experience with contractual security requirements, third-party risk management, and procurement processes (RFP, vendor evaluations, etc.).
Proven ability to work effectively in cross-functional environments, communicating complex technical information to diverse audiences, including executive leadership.
Proficiency with cybersecurity risk and third-party risk management tools such as ServiceNow, OneTrust, and AuditBoard.
Solid knowledge of industry standards and regulatory frameworks, including PCI-DSS, NIST, and ISO 27001.
Strong time management, prioritization, and self-motivation skills, with the ability to work independently in a fast-paced environment.
Proficient in Microsoft Office tools including Word, Excel, PowerPoint, Power BI, and Visio.
Education & Certifications:
A current security designation is required (e.g., CISSP, CISM, CCSP, or CISA).
Application Details:
If you meet the above qualifications and are interested in this opportunity, please submit your resume to:
jim.nickolson@noramtec.com