Job details
Do you have 5-7 years' experience of risk management frameworks (e.g., ISO 31000, NIST RMF – Risk Management Framework) and threat modelling methodologies (e.g., STRIDE, DREAD)? Do you have 5-7 years' experience assessing potential impacts and likelihoods of various threat scenarios? If so, this would be a great opportunity for you!
Our client is looking for a Senior Security Specialist for a 6 month contract in Toronto.
This is a hybrid role.
Advantages
• Earn a competitive rate within the industry
• Location: 2 days onsite/3 days remote
Responsibilities
• Lead end-to-end Threat Risk Assessment (TRA) initiatives across systems, processes, and assets.
• Develop and apply threat models to assess organizational security posture.
• Collaborate with stakeholders to align assessments with business objectives and risk tolerance.
• Analyze vulnerabilities and assess threats to determine likelihood and potential impact.
• Produce detailed TRA reports, documenting findings, recommendations, and risk ratings.
• Maintain risk registers and track remediation efforts.
• Propose actionable mitigation strategies based on assessment outcomes.
• Ensure alignment with:
- Regulatory requirements
- Industry standards
- Organizational security policies
• Communicate findings effectively to both technical teams and executive leadership.
• Support audit and compliance activities as needed.
• Contribute to the continuous improvement of risk management frameworks and methodologies.
• Stay informed on emerging threats, vulnerabilities, and security best practices.
Qualifications
Must Haves:
• 5-7 years' experience of risk management frameworks (e.g., ISO 31000, NIST RMF – Risk Management Framework) and threat modelling methodologies (e.g., STRIDE, DREAD).
• 5-7 years' experience identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
• 5-7 years' experience assessing potential impacts and likelihoods of various threat scenarios.
Nice to have:
• Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPAA - Personal Health Information Protection Act).
Must haves:
· In-depth knowledge of risk management frameworks (e.g., ISO 31000, NIST RMF – Risk Management Framework) and threat modelling methodologies (e.g., STRIDE, DREAD).
· Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains.
· Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios.
· Proficiency with risk assessment matrices.
· Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders.
· Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPAA - Personal Health Information Protection Act).
· Proactive mindset and situational awareness to anticipate and adapt to emerging threats in a dynamic risk environment.
Desired Skills:
· Demonstrated expertise in enterprise risk analysis, with a solid background in applying risk management frameworks such as ISO 31000, FAIR, and NIST RMF to identify, evaluate, and prioritize organizational security risks.
· Hands-on experience conducting structured threat analysis, utilizing methodologies like STRIDE, PASTA (Process for Attack Simulation and Threat Analysis), and MITRE ATT&CK. Familiarity with creating threat models, mapping attack surfaces, and visualizing system flows to uncover security weaknesses.
· Strong command of cybersecurity governance practices, including the development and enforcement of information security policies and standards. Practical understanding of how to align internal controls with recognized frameworks like ISO 27001, NIST CSF, and the CIS Critical Security Controls.
· Proven ability to translate technical risk findings into clear business language, producing high-quality documentation such as executive summaries, detailed risk reports, and stakeholder presentations. Skilled in managing communication between technical teams and leadership to drive informed decision-making.
Required Skills:
· Risk Management & Assessment – 5–7 years
Proven experience in conducting threat risk assessments using frameworks like ISO 31000, NIST RMF, or Factor Analysis of Information Risk (FAIR).
· Threat Modeling – 3–5 years
Practical knowledge of threat modeling techniques (e.g., STRIDE, PASTA, MITRE ATT&CK), including development of data flow diagrams and attack vectors.
· Information Security Governance – 5+ years
Strong understanding of security policies, standards, and controls aligned with ISO 27001, NIST CSF, and CIS Controls.
· Communication & Reporting – 5+ years
Skilled in writing technical and executive-level reports, risk registers, and presenting to stakeholders and leadership.
Summary
If you are interested in the Senior Security Specialist role in Toronto, please apply online at www.randstad.ca. Qualified candidates will be contacted.
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to effect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible); and members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applicants please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.