We are seeking an expert Senior Security Specialist to spearhead advanced threat risk engineering, architecture modeling, and governance optimization. In this role, you will take absolute technical ownership of discovering, evaluating, and mitigating complex security liabilities across physical, cyber, and operational domains. Serving as a senior authority within the Information Security Office, you will establish next-generation workflows, build comprehensive system threat models, and author defensive security roadmaps to expand the long-term risk maturity of enterprise application environments.
Location: Toronto, ON (Up to 5 days onsite; subject to hiring manager's discretion)
Duration: 9-month contract
Advantages
Strategic Influence: Shape the core risk workflow and security posture of a highly regulated enterprise infrastructure.
Advanced Threat Stack: Command advanced threat modeling strategies (STRIDE, MITRE ATT&CK) over diverse cyber and operational domains.
Executive Visibility: Act as a key security advisor, presenting critical risk matrices and strategic remediation roadmaps directly to senior leadership.
High-Impact Engagement: Drive a specialized, master-tier security track focused on defense-in-depth maturity and compliance optimization.
Responsibilities
Threat Risk Assessment Governance: Lead end-to-end Threat Risk Assessment (TRA) initiatives to discover and prioritize system vulnerabilities, mapping systemic exposures against established risk tolerance thresholds.
Advanced Threat Modeling: Design and build complex system threat models and visual architecture data flow diagrams using frameworks to map out potential attack vectors and mitigation entry points.
Risk Register & Architecture Tracking: Construct and maintain structured corporate risk registers, tracking asset classifications, vulnerability scores, remediation ownership, and compliance dependencies.
Security Gap Analysis: Conduct detailed technical gap analyses to identify systemic discrepancies between current infrastructure postures and global security frameworks, regulatory guidelines, or industry standards.
Remediation Strategy Engineering: Formulate detailed operational remediation blueprints, action timelines, and security controls to systematically lower identified risks to acceptable organizational levels.
Vulnerability Assessment Management: Review, interpret, and summarize deep technical telemetry and infrastructure scan outputs originating from platform vulnerability assessment utilities.
Executive & Technical Advisory: Distill dense infrastructure vulnerabilities into high-level executive summaries, compliance mapping briefs, and technical documentation, presenting findings directly to engineering teams and executive leadership.
Continuous Framework Improvement: Contribute to the continuous expansion and modernization of information security governance policies, ensuring ongoing readiness for external security audits.
Qualifications
Core Security Seniority: 10+ years of progressive professional experience leading enterprise-level Threat Risk Assessments (TRA) and Information Security governance initiatives.
Risk Framework Mastery: 10+ years of deep technical knowledge developing risk assessment matrices utilizing global industry frameworks (e.g., ISO 31000, NIST RMF, FAIR, or ISO 27001).
Threat Modeling Expertise: 10+ years of practical experience implementing structural threat modeling methodologies (e.g., STRIDE, DREAD, PASTA, or MITRE ATT&CK), including attack tree development.
Vulnerability & Data Analysis: Profound analytical capability evaluating technical vulnerabilities across physical, cyber, and operational domains to determine likelihood and business impact.
Regulatory & Compliance Savvy: Solid familiarity aligning technical security controls with industry compliance mandates and health privacy legislation (such as PHIPAA).
Governance Tooling Competency: Minimum of 7+ years of experience structuring security policies and defensive controls in alignment with NIST CSF and CIS Controls.
Communication Excellence: Outstanding verbal, written, and presentation skills with a proven track record of authoring executive-level summary decks and running technical stakeholder briefings.
Nice to Have:
Prior professional Information Security experience operating within a public sector or government I&IT infrastructure framework.
Summary
If you're interested in the "Senior Security Specialist" role based in Toronto, we encourage you to apply online at www.randstad.ca. Only qualified candidates will be contacted for the next steps. We look forward to hearing from you!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to effect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible); and members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applicants please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.