Senior Security Consultant

仕事内容

Senior Security Consultant (Contract Position)

Number of Positions: 1 Filled: 0 Duration: 8 months

Location: Markham, ON, CA

Must be eligible to work in Canada

Hybrid position, 2 days in Markham office

Roles and responsibilities:

As the Lead Consultant, Security Advisory Service (SAS), this role will primarily involve reviewing, and where required, conducting Information Security Risk Assessments

(ISRAs) for internal solutions, technology projects; and Third-Party Information Security Assessments

The role is to perform TPISA, Third Party Information Security Assessments, to evaluate the business partners’ security posture and contractual obligations to protect the client and it clients. The Senior Consultant will need to identify and manage cybersecurity risks, policy exception requests,

and a wide-range of cybersecurity consulting requests for the client’s technology and business teams.

• Provide oversight on assessments, risk identification and risk management, processes, and

tools for managing and reporting risks, and improve the quality of services

• Identify gaps in existing processes and technology and develop remediation plans to address

risks

• Assist in the development of cybersecurity risk reporting including the ongoing development

and improvement of Key Risk Indicators (KRIs)

• Provide leadership and mentoring to team members.

• Provide oversight on a wide variety of security solutions, projects, and new technologies

Other key responsibilities include:

• Provide senior management and executives with information security trends, the status of

identified risks, and the effectiveness of work activities

• Increase visibility of cybersecurity risks where and when appropriate with the respective

collaborators when risk action plan target dates are not met

• Manage the pen test and PCI compliance attestation programs

• Preparing for internal Risks and Control Assessments

Must have skills / experiences

• Minimum 10+ years’ of progressive experience in cybersecurity risk management, vendor

assessments, and application security design & architecture

• Strong understanding of cybersecurity industry standards, principles and practices, as well as

risk concepts

• Proven management and leadership skills in communication, prioritization and developing

talent

• Ability to understand complex processes and make sound judgement calls.

• Ability to negotiate and influence others to achieve optimal results.

• Knowledge of Ariba, Archer GRC or equivalent platforms.

• Post-secondary education in Computer Science, Computer Engineering, IT security, risk

management, or comparable professional training.

• Professional designation relating to cybersecurity or IT risk (e.g. CISSP, CISA, CISM, CCSP/CCSK, GIAC) preferred.