RQ00483 - Security Specialist - Senior at S M Software Solutions Inc
Date: 3 hours ago
City: Toronto, ON
Contract type: Full time
Job Title
RQ00483 - Security Specialist - Senior
Start Date
2026-02-09
Client
Supply Ontario
End Date
2026-10-02
Work Location:
525 University Avenue, Toronto, ON, Canada
Extension
Probable after the initial mandate
Job Type
Hybrid
Hours Per Day Or Week
7.25 hours per day (5 Days)
Must Haves
- 7+ years of experience in risk management models for assessing and mitigating various aspects of risk exposure.
- 7+ years of experience analyzing assessment reports based on NIST CSF.
Background Information
- The purpose of this request is to acquire a Sr. Security Specialist to support and deliver on multiple initiatives related to Security Governance, Risk and Compliance and Cyber Defence Operations. This includes leading multiple initiatives related to security strategy, security audit and compliance requirements and findings, security governance including policies, standards and processes development and security risk management procedures.
- Experience in risk management models for assessing and mitigating various aspects of risk exposure.
- Analysis of assessment reports based on NIST CSF.
- Risk assessment methodologies such as HTRA (Harmonized Threat Risk Assessment) and NIST CSF, and frameworks such as ISO 27001/2.
- Experience with security governance including developing policies, standards, processes and procedures.
- Experience in working with various compliance and audit frameworks including PHIPA, SOC 2 Type II, Information Privacy Commissioner (IPC) triennial audits, Ontario Auditor General Office (OAGO).
- Experience with Security frameworks such as NIST CSF 2.0 and ISO 27001.
- An adept team player who is action oriented, with a track record of motivating other team members to achieve higher goals.
- Take a subject matter expert role in various security risk management initiatives, providing security expertise, facilitating collaboration and performing risk assessments.
- Analyze proposed solution architectures, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes. Identify, analyze, and recommend options for risk management at appropriate levels within the enterprise and the health care sector.
- Present topic areas and relevant security materials to product and digital solution groups.
- Coordinate with members and teams in Ontario Health to develop and implement recommended security policies and related controls.
- Track the security control implementation to meet compliance requirements and audit findings.
- Coordinate internal and external information security initiatives as a subject matter expert to reach feasible security solutions for issues across the health care sector.
- Take a leading role in offensive security practices and provide guidance to the teams with methodologies, tools, and processes.
- Contribute to the ongoing development and maturing of the OH security program, consulting and assurance practices.
- Demonstrate the ability to effectively negotiate and resolve conflicts with individuals or teams in a professional and collaborative manner.
- Utilize strong communication and negotiation skills to effectively persuade individuals with differing perspectives and conflicting interests towards a mutually beneficial resolution on a regular basis.
- Implement tools and processes to manage workflow and materials related to the information security risk management.
- Stay abreast of any changes to industry best practices or legislative regulations and assess the resulting impact to the organization.
- Deep knowledge of the methodologies, frameworks, and processes in the Information Security domain.
- Good experience in conducting Threat Risk Assessments using various frameworks, methodologies and standards such as NIST, HTRA and ISO.
- Risk management models for assessing and mitigating various aspects of risk exposure.
- Generate risk maps to help guide the risk owners and keep the stakeholders informed.
- 10+ years’ experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC)
- Bachelor’s or master’s degree in Computer Science, Information Technology, Cyber Security, Systems or other related field, or equivalent work experience.
- Professional certifications in information/cyber security (e.g. CISSP, CCSP, CISA, CISM, CRISC) are required.
- Knowledge of prevalent industry standards (ISO 27001/27002, NIST, CIS, COBIT)
- An understanding of risk assessment methodologies such as HTRA and CSF, and frameworks such as NIST and ISO 27001/2.
- Knowledge and experience developing and working with security architecture and IT management frameworks such as SABSA and COBIT.
- Knowledge and experience working with compliance and audit frameworks including PHIPA, SOC 2 Type II, IPC Triennial audits, OAGO audits.
- Strong understanding and ability to interpret and communicate risk management concepts.
- Good experience and knowledge of TRA methodologies and other risk assessment methodologies and tools, and familiarity with related security tests and test methodologies.
- Knowledge of a wide variety of information systems and security technologies including Operating Systems security, LAN and WAN, Internet protocols and applications, secure communications, firewalls, IDS/IPS, PKI, identity management, identification and authentication techniques, role-based access control, malware defenses, etc.
- Deep understanding of typical security threats, vulnerabilities and safeguards relevant to application development, test and QA environments, and IT (datacenter) operations.
- Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
- Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
- Experience and working knowledge of risk management lifecycle, processes, and concepts.
- Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
- Minimum 5 years of extensive experience conducting comprehensive security Threat and Risk Assessments (TRA) using frameworks such as NIST CSF, HTRA, and ISO 27001; risk assessment, mitigation recommendations and management with a strong focus on identifying vulnerabilities, analyzing potential impacts, and delivering actionable risk mitigation to stakeholders; risk management models such as FAIR: 30 Points
- Minimum 5 years of extensive experience with information security governance, with a strong ability to identify gaps between the current security posture and industry standards, best practices, and regulatory requirements: 30 Points
- Minimum 5 years of hands-on experience with audit frameworks including IPC audits, OAGO audits and SOC 2 Type II: 20 Points
- 5+ years of experience authoring executive-level reports, developing cyber security program and risk registers, and delivering presentations to stakeholders and senior leadership: 20 Points
- Total evaluation criteria: 100 Points
Deliverables include, but are not limited to:
- Development of security policies, standards, procedures, processes.
- Development of frameworks and models for select security capabilities
- Support implementation of new enterprise governance, risk and compliance tool.
- Support development of a cyber security strategy and key aspects of program development including program performance reporting.
- Support on completion of security assessment using tools based on NIST CSF.
- Review of Threat Risk Assessment, Vulnerability Assessment scan report, Penetration Test report and other security documents.
Assignment Type: This position is currently listed as "Hybrid". The resource under this request will be required to work onsite at the Hiring Manager's sole discretion.
Term: The term of this Engagement Assignment is 81 Business Days. The Engagement Assignment may be extended for unused Business Days at Ontario Health's discretion.
The resource will comply with Ontario Health policies and procedures.
Ontario Health systems cannot be accessed from outside the province of Ontario, and Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario, without prior written approval from Ontario Health.
Location: Up to 3 days onsite (subject to HM’s discretion)
Public Sector Experience: Nice to Have
Eligibility and Application Steps
If you are enthusiastic about this exciting opportunity, we kindly request you to provide the following documents: [email protected]
Without mandatory documents, we cannot submit a candidate.
- Updated Resume in word format (Mandatory)
- Skills Matrix and References (Mandatory)
- Expected hourly rate (Mandatory)
- Visa Status (Mandatory)
- LinkedIn ID (Mandatory)
If you have any questions or need further clarification, feel free to call or text at (647) 408-1348.