Job description
Assignment: RQ00650 - Security Specialist - Senior | Requisition: RQ00650 | Job Title: Senior Cyber Security Specialist | Client: Supply Ontario | Start Date: 2026-06-08 | End Date: 2027-06-04 | Department: Operations | Office Location: 200 Front St West, Toronto | Business Days: 260 | Location: 5 days onsite (subject to HM's discretion) | Public Sector Experience: No | Note: Provide after-hours support as required for security events or high-priority operational needs.
Must Haves
7+ years of hands‑on cyber security experience supporting security operations, incident response, threat intelligence, secure architecture, and other security assurance activities.
Experience designing, implementing, and securing cloud environments (e.g., Azure), including cloud‑native security controls and architecture best practices.
Strong experience supporting and coordinating incident response activities, including cross‑functional coordination and incident lifecycle management.
Demonstrated experience in project delivery, including planning, coordination, stakeholder engagement, and execution of security initiatives.
Strong business analysis skills, including requirements gathering, documentation, and translating business needs into security solutions and risk‑based recommendations.
About Supply Ontario
Supply Ontario is the province's centralized procurement agency that enables a holistic government approach to purchasing goods and services. At Supply Ontario, we believe that modernizing procurement is a key driver of success for Ontario's public sector. Our mandate is to strengthen supply chain management and procurement across the public sector, ensuring that Ontario ministries, provincial agencies, hospitals, school boards, children's aid societies and more have access to high‑quality, timely, reliable products at the best value.
As we mature the agency, we are looking for Fee‑for‑Service (FFS) resources to help support our cyber security program that will enable the organization to deliver on its mandate.
Project Overview
In response to the escalating cyber threats in today's digital landscape, Supply Ontario is maturing its strategic initiatives to expand its cyber security program. This initiative aims to strengthen the organization's security posture, safeguard sensitive data, and ensure continuity of operations in the face of evolving cyber risk.
The objective is to establish and mature a comprehensive cyber security program that supports Supply Ontario's core business functions. This includes continuous improvement of proactive and reactive security controls across Confidentiality, Integrity, and Availability (CIA). Key program areas include Cloud Security, Vulnerability Management, Cyber Risk Management, Security Operations, Incident Response, Threat Intelligence, Security Architecture, Policy Development, Compliance, and Training & Awareness.
The program will leverage industry best practices and modern security technologies to enhance resilience and ensure alignment with enterprise and public sector security expectations.
Experience Required
7+ years of hands‑on cyber security experience supporting security operations, incident response, threat intelligence, secure architecture, and other security assurance activities.
Experience designing, implementing, and securing cloud environments (e.g., Azure), including cloud‑native security controls and architecture best practices.
Strong experience supporting and coordinating incident response activities, including cross‑functional coordination and incident lifecycle management.
Demonstrated experience in project delivery, including planning, coordination, stakeholder engagement, and execution of security initiatives.
Strong business analysis skills, including requirements gathering, documentation, and translating business needs into security solutions and risk‑based recommendations.
Strong knowledge of cyber risk management frameworks and conducting threat risk assessments with associated mitigation strategies.
In‑depth knowledge of industry standards and frameworks such as NIST 800‑53, ISO/IEC 27001, and CIS Controls.
Experience working with SOC audit reports (including SOC 2 Type II) and supporting audit/compliance activities.
Strong understanding of cyber security concepts including vulnerabilities, threats, encryption, defense‑in‑depth, authentication, risk management, and security operations.
Knowledge of threat modeling and adversary frameworks such as Cyber Kill Chain, MITRE ATT&CK, Diamond Model, and IOCs.
Experience supporting vulnerability management, including scanning, prioritization, remediation tracking, and reporting.
Experience supporting cyber security awareness and training programs across organizations.
Strong experience managing cyber security vendors and service providers, including performance oversight and service level management.
Strong interpersonal and communication skills with the ability to engage technical teams, business stakeholders, and senior leadership.
Strong written and verbal communication skills with experience producing technical and business‑level documentation.
Ability to adapt to changing priorities in agile or evolving project environments.
Experience coordinating and supporting security architecture requirements for systems and enterprise IT projects.
Deliverables
The Senior Cyber Security Specialist will play a key role in delivering and maturing a robust cyber security program.
Responsibilities
Support the development and continuous improvement of a comprehensive cyber security program aligned to organizational needs, risk profile, and regulatory requirements.
Define and implement cloud security strategies, architectures, and controls to ensure secure adoption and operation of cloud services.
Support the maturity of Security Operations Center (SOC) capabilities, including monitoring, detection, investigation, and response processes.
Establish and support effective vulnerability management capabilities, including scanning, prioritization, remediation tracking, and risk reporting.
Coordinate cyber security projects and initiatives, including planning, scheduling, risk management, stakeholder communication, and delivery oversight.
Define, track, and report on cyber security KPIs and metrics to measure program effectiveness, support risk‑based decisions, and drive continuous improvement.
Support the development, maintenance, and governance of cyber security policies, standards, and procedures aligned to industry best practices.
Conduct and support cyber risk and threat assessments, including identification of vulnerabilities and development of mitigation strategies.
Support and coordinate incident response activities, including preparation, detection, containment, eradication, recovery, and post‑incident analysis.
Establish and maintain relationships with cyber security vendors and service providers, including performance monitoring and alignment to security requirements.
Support compliance activities, including regulatory alignment, internal/external audits, and security assessments.
Support cyber security awareness and training initiatives to strengthen organizational security culture.
Evaluate, recommend, and support implementation of cyber security tools, technologies, and controls to improve security posture.
Produce regular reporting on cyber security posture, risks, incidents, vulnerabilities, and compliance status for stakeholders.
Define, evaluate, and assess security architecture requirements for enterprise systems and IT projects, ensuring security‑by‑design principles are applied.
Ensure security and contingency measures are integrated into system development and operational processes.
Provide after‑hours support as required for security events or high‑priority operational needs.
Desirable Qualifications
Bachelor's degree in Information Technology, Computer Science, Cyber Security, or related discipline.
Relevant certifications such as CISSP, CCSP, SSCP, Security+, or GIAC certifications.