Talent.com
Cleo Consulting
Security SpecialistCleo Consulting • Toronto, ON, Canada
Security Specialist

Security Specialist

Cleo Consulting • Toronto, ON, Canada
2 days ago
Job type
  • Full-time
  • Quick Apply
Job description
Assignment: RQ00716 - Security Specialist - Senior Requisition: RQ00716 Job Title: Security Specialist - Senior for the Information Security Office Client: Ontario Health Start Date: 2026-08-17 End Date: 2027-08-13 Department: Digital Excellence in Health Office Location: 525 University Ave, Toronto Business Days: 125.00 Location: Remote Public Sector Experience: Must Have

Must Haves:

  • Minimum 8 years of hands-on experience with IPC (very strong) and OAGO audits.
  • Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF, HTRA, and ISO 27001. Risk Assessment, mitigation recommendations and management with a strong focus on identifying vulnerabilities, analyzing potential impacts, and delivering actionable risk mitigation to stakeholders. 25 points
  • Minimum 5 years of extensive experience with Information security governance, developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards, best practices, and regulatory requirements. 25 points
  • 5+ years of experience authoring executive-level reports, developing cyber security program and risk registers, and delivering presentations to stakeholders and senior leadership.

Description

  • The Sr. Security Specialist will support and deliver on multiple initiatives related to Security Governance, Risk and Compliance and Cyber Defense Operations. This includes leading multiple initiatives related to security strategy, security audit and compliance requirements and findings, security governance including policies, standards and processes development and security risk management procedures.

Must haves:

  • Experience in risk management models for assessing and mitigating various aspects of risk exposure.
  • Experience with risk assessment methodologies such as HTRA and NIST CSF, and frameworks such as ISO 27001/2.
  • Experience with security governance including developing policies, standards, processes and procedures.
  • Hands on experience with IPC (Information Privacy Commissioner) triennial audits.
  • Demonstrated experience in working with various compliance and audit frameworks including, PHIPA, SOC 2 Type II, OAGO
  • An adept team player who is action oriented, with a record of accomplishment of motivating other team members to achieve higher goals.

Desired Skills:

  • 10+ years' experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC)
  • Bachelor's or Master's degree in Computer Science, Information Technology, Cyber Security, Systems or other related field, or equivalent work experience.
  • Professional certifications in information/cyber security (e.g. CISSP, CCSP, CISA, CISM, CRISC) is required.
  • Knowledge of prevalent industry standards (ISO 27001/27002, NIST, CIS, COBIT)

Required Skills:

  • An understanding of risk assessment methodologies such as HTRA and CSF, and frameworks such as NIST and ISO 27001/2.
  • Knowledge and experience developing and working with security architecture, and IT management frameworks such as SABSA, and CoBIT.
  • Strong knowledge and demonstrated experience working with compliance and audit frameworks including PHIPA, SOC 2 TII, OAGO audits.
  • Hands on experience with IPC triennial audits
  • Technical writing expertise and demonstrated knowledge and experience in developing Information security policies and standards in alignment with PHIPA, IPC requirements and industry standards.
  • Strong understanding and ability to interpret and communicate risk management concepts.
  • Good experience & knowledge of TRA methodologies and other risk assessment methodologies and tools, and familiarity with related security tests and test methodologies
  • Deep understanding of typical security threats, vulnerabilities and safeguards relevant to IT systems.
  • Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
  • Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
  • Experience and working knowledge of risk management lifecycle, processes, and concepts.
  • Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.

Evaluation Criteria: 100 Points

  • Minimum 5 years extensive experience in conducting comprehensive security Threat and Risk Assessment (TRA) using frameworks such as NIST CSF, HTRA, and ISO 27001. Risk Assessment, mitigation recommendations and management with a strong focus on identifying vulnerabilities, analyzing potential impacts, and delivering actionable risk mitigation to stakeholders. 25 points
  • Minimum 5 years of extensive experience with Information security governance, developing policies and standards with a strong ability to identify gaps between the current security posture and industry standards, best practices, and regulatory requirements. 25 points
  • Minimum 8 years of hands-on experience with IPC and OAGO audits. 30 points
  • 5+ years of experience authoring executive-level reports, developing cyber security program and risk registers, and delivering presentations to stakeholders and senior leadership. 20 points

Deliverables

  • Deliverables include, but are not limited to:
  • Development of security policies, standards, procedures, processes.
  • Development of frameworks and models for select security capabilities
  • Support implementation of new enterprise governance, risk and compliance tool.
  • Support development of a cyber security strategy and key aspects of program development including program performance reporting.
  • Support on completion of security assessment using tools based on NIST CSF.
  • Review of Threat Risk Assessment, VA scan report, Penetration Test report and other security documents.

Additional Terms

  • This Engagement Assignment is the equivalent of 125 Business Days to be worked at between the Start and End Dates. The Engagement Assignment may be extended for unused Business Days at the Agency's discretion. The resource will work approximately 78 Business Days in FY26/27 and 47 Business Days in FY 27/28.
  • The resource will comply with the Agency's policies and procedures.
  • The Agency systems cannot be accessed from outside the province of Ontario, and Agency assets including laptops and related equipment cannot be removed from the province of Ontario, without prior written approval from the Agency.
  • Assignment Type: This position is currently listed as "Hybrid". The resource under this request will be required to work onsite as per Hiring Manager sole discretion.
  • The resource will be issued an Agency laptop and is expected to provide at their own expense at least one additional monitor, an external keyboard, and a mouse. In addition, when the resource is working from their home location, they must have a private office space and are not permitted to work in an open communal space. Internet connection must be hard-wired and suitable bandwidth to support the IT requirements of this role. If these conditions cannot be met within their home office space, the resource will transition to full time in office, and the hybrid option will no longer be available.
Create a job alert for this search

Security Specialist • Toronto, ON, Canada

Similar jobs

Sr. Security Services Solutions Architect, AWS Security Services SA - North America

Amazon Web Services (AWS)toronto, on, Canada
Full-time

AWS Global Sales drives adoption of the AWS cloud worldwide, enabling customers of all sizes to innovate and expand in the cloud.Our team empowers every customer to grow by providing tailored servi... Show more

 • Promoted

Information Security Specialist

DexianToronto, ON, CA
Full-time

This role is responsible for conducting detailed.The position is project-based and involves reviewing technology initiatives across multiple business units to identify risks, validate controls, and... Show more

 • Promoted

Digital Security Specialist- EN

IAMGOLD CorporationToronto, ON, CA
Full-time

Innovative, Accountable Mining.IAMGOLD is a Canadian-based gold mining company with operations and development projects across North America and West Africa.With flagship operations like the Côté G... Show more

 • Promoted

Enterprise Security Specialist

CprvisionWhitchurch-Stouffville, ON, CA
Full-time

Enterprise Security Specialist.Location: Stouffville, ON • Department: R&D • Reports to: Chief Technology Officer (CTO) • Salary: $120,000 - $135,000 • Openings: 1.Lead the development, implementat... Show more

 • Promoted

Security Systems Application Specialist

AinsworthToronto, ON, CA
Full-time

Reporting to the Project Manager, you will have the opportunity to execute and lead various security system projects.Your role will encompass estimation, engineering design, programming, commission... Show more

 • Promoted

Security Specialist - $90 - $100 An Hour

GttToronto, Canada
Full-time

Overview The Security Specialist V plays a critical role in advancing enterprise-wide IT and data protection initiatives.This role will oversee the implementation of security standards , ensure com... Show more

 • Promoted

Security Specialist - Senior_10+yrs

Maarut IncToronto, ON, CA
Full-time

The Cyber Security Centre of Excellence (COE) is seeking one (1) Senior Cyber Security Specialist to support in strengthening Ontario’s cyber security infrastructure as the province collectively mo... Show more

 • Promoted

Security Governance, Risk and Compliance Specialist

Tecsys Inc.Toronto, ON, CA
Full-time +1

Security Governance, Risk and Compliance Specialist.Having recognized the advantages of remote work, such as improved employee morale, increased productivity, and positive impacts on both employee ... Show more

 • Promoted

Palo Alto Security SME - Implementation

Tech Talent Internationaltoronto, on, Canada
Full-time

About the job Palo Alto Security SME - Implementation.Fortune 100/500/1000 and other companies in Canada/US.We are currently hiring for a Palo Alto Security SME - Implementation for our IT infrastr... Show more

 • Promoted

Security specialist

Flip retailToronto
Full-time

Security Specialist vacancy in Toronto Canada.Security Specialist mainframe - REMOTE.Duty: Safety Specialist data processor.Ability: Protection Specification: Rational Identity & Accessibility Mgmt... Show more

 • Promoted

Senior Security Specialist – Vulnerability & Mss Lead - $42 - $59 An Hour

CDW CanadaToronto, Canada
Full-time

Senior Security Specialist needed to provide technical support, mentor staff and manage complex technical issues. Show more

 • Promoted

Site Security Lead - Operational Excellence (Former Federal, Provincial, Municipal Police Offic[...]

Securitas Security Services USA, Inc.Toronto, ON, CA
Full-time

This position is for an active open vacancy.Posting will be removed once filled.Corporate discounts with Goodlife Fitness, CAA, Perkopolis and Telus.Monday to Friday work schedule.Leadership level ... Show more

 • Promoted

Security Implementation SME - Azure and Palo Alto

Tech Talent InternationalToronto, ON, CA
Full-time

Security Implementation SME - Azure and Palo Alto.Job Openings Security Implementation SME - Azure and Palo Alto.About the job Security Implementation SME - Azure and Palo Alto.Fortune 100/500/1000... Show more

 • Promoted

Security Sales Specialist - Google - Toronto, ON

CNSCToronto, ON, CA
Full-time

Toronto, where you’ll help grow the cybersecurity business by engaging with customers to deliver business value and demonstrate real-world product functionality.This opportunity is perfect for thos... Show more

 • Promoted

Information Security Specialist

123 CorporateToronto, Ontario, Canada
Full-time

We are hiring an Information Security Specialist to join our team in Toronto.In this role, you will assist with building and operating information initiatives for technology, processes, and service... Show more

 • Promoted

RQ00650 - Sr. Security Specialist

Source CodeToronto, ON, CA
Full-time

ONSITE 5 days -200 Front St West.Provide after‑hours support as required for security events or high‑priority operational needs.Experience designing, implementing, and securing cloud environments (... Show more

 • Promoted

RQ08709 - Security Specialist - Senior

Rubicon PathToronto, Ontario, Canada
Full-time

About the job RQ08709 - Security Specialist - Senior.Role: Senior Security Specialists.Support the development, UAT and Production of OPS Secure environments.Monitoring the health, performance, and... Show more

 • Promoted

Digital Security Specialist

Iamgold CorporationToronto, ON, CA
Full-time

IAMGOLD is looking for a Digital Security Specialist to support cybersecurity operations across our corporate and mine site environments.Reporting to the Senior Manager, Cybersecurity, you will hel... Show more

 • Promoted

Analyst III, Security Strategy, Architecture & Innovation

Moneris Solutions CorpToronto, ON, CA
Full-time

Analyst III, Security Strategy, Architecture & Innovation.In this role, you will shape how security is embedded across Moneris’ application, cloud, and infrastructure environments.You will partner ... Show more

 • Promoted

Senior Technical Specialist, Corporate Security

Jaide HealthToronto
Full-time +1

Base salary range: For this role, candidates located in Canada can expect a base salary range, described in the posting.Actual compensation is determined based on skills, experience, and role level... Show more