We are seeking a highly accomplished Senior Security Specialist to lead multiple initiatives across Security Governance, Risk, and Compliance (GRC) and Cyber Defense Operations. In this role, you will hold complete technical ownership over security strategy, audit alignment, policy development, and security risk management frameworks. Operating within highly regulated environments, you will drive regulatory compliance, conduct comprehensive threat and risk assessments, and establish robust control frameworks to protect complex technology ecosystems from evolving cyber threats.
...
Location: Remote (Canada)
Duration: 12-month contract
Public Sector Experience: Required
Advantages
High-Impact Autonomy: Own the strategic defense and risk posture for highly sensitive public systems.
Diverse GRC Sandbox: Lead deep-dive audits, policy designs, and risk registers using modern security frameworks (NIST CSF, HTRA, ISO 27001).
C-Suite Visibility: Drive high-visibility briefings, presenting clear risk-remediation options directly to executive steering committees.
Full Remote Flexibility: Work from anywhere while remaining deeply integrated with key security leadership.
Responsibilities
Threat and Risk Assessments (TRA): Lead and execute comprehensive TRAs to isolate system vulnerabilities, evaluate business impacts, and deliver actionable mitigation blueprints to technical and business stakeholders.
Security Audit & Compliance Governance: Act as the principal authority for highly specialized regulatory audits, coordinating evidence collection, response workflows, and remediation planning.
Policy & Standards Engineering: Formulate, write, and implement enterprise-level information security policies, procedures, and architectural standards in strict alignment with privacy legislative requirements and industry best practices.
Gap Analysis & Risk Remediation: Evaluate active security postures against leading industry frameworks to identify, document, and remediate compliance gaps.
Executive-Level Strategy & Reporting: Author high-quality technical risk briefings, build cybersecurity program roadmaps, and maintain enterprise risk registers.
Security Testing & Scan Review: Review complex security diagnostics, including vulnerability assessments, penetration testing reports, and automated scans, converting findings into prioritizable mitigation tasks.
Enterprise GRC Tool Deployment: Support the strategic rollout, configuration, and optimization of modern enterprise governance, risk, and compliance software suites.
Stakeholder Advisory & Briefings: Lead strategic alignment workshops and steering discussions to communicate risk management concepts clearly to both engineering squads and executive leadership.
Qualifications
Information Security Audit Mastery: Minimum 8 years of direct, hands-on experience navigating and executing complex IPC (Information Privacy Commissioner) triennial audits and OAGO (Office of the Auditor General) audits (Strictly Required).
Threat and Risk Assessment Expertise: Minimum 5 years of comprehensive experience conducting formal security Threat and Risk Assessments (TRAs) using NIST CSF, HTRA, and ISO 27001 frameworks (Strictly Required).
Security Governance & Policy Engineering: Minimum 5 years of dedicated experience architecting information security governance programs, authoring policies, and running gap analyses against industry standards (Strictly Required).
Executive Advisory & Risk Reporting: 5+ years of professional experience authoring executive briefings, designing security program metrics, and maintaining enterprise risk registers (Strictly Required).
Public Sector Compliance Alignment: Deep, functional familiarity working within public-sector-adjacent compliance frameworks, including PHIPA legislative rules, SOC 2 Type II, and provincial security standards.
Technical Security Literacy: Solid working knowledge of security controls, cryptographic safeguards, network vulnerability testing, and IT management models (such as COBIT and SABSA).
Soft Skills: Outstanding consultative facilitation, technical writing, and communication mechanics, with an established history of translating complex vulnerabilities into clean, business-oriented risk mitigation steps.
Nice to Have:
Professional security designations (such as CISSP, CISA, CISM, CRISC, or CCSP).
Bachelor's or Master’s degree in Computer Science, Cyber Security, Information Technology, or a related quantitative field.
Summary
f you're interested in the "Senior Security Specialist" role based in Toronto, we encourage you to apply online at www.randstad.ca. Only qualified candidates will be contacted for the next steps. We look forward to hearing from you!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.
show more
We are seeking a highly accomplished Senior Security Specialist to lead multiple initiatives across Security Governance, Risk, and Compliance (GRC) and Cyber Defense Operations. In this role, you will hold complete technical ownership over security strategy, audit alignment, policy development, and security risk management frameworks. Operating within highly regulated environments, you will drive regulatory compliance, conduct comprehensive threat and risk assessments, and establish robust control frameworks to protect complex technology ecosystems from evolving cyber threats.
Location: Remote (Canada)
Duration: 12-month contract
Public Sector Experience: Required
Advantages
High-Impact Autonomy: Own the strategic defense and risk posture for highly sensitive public systems.
Diverse GRC Sandbox: Lead deep-dive audits, policy designs, and risk registers using modern security frameworks (NIST CSF, HTRA, ISO 27001).
C-Suite Visibility: Drive high-visibility briefings, presenting clear risk-remediation options directly to executive steering committees.
Full Remote Flexibility: Work from anywhere while remaining deeply integrated with key security leadership.
...
Responsibilities
Threat and Risk Assessments (TRA): Lead and execute comprehensive TRAs to isolate system vulnerabilities, evaluate business impacts, and deliver actionable mitigation blueprints to technical and business stakeholders.
Security Audit & Compliance Governance: Act as the principal authority for highly specialized regulatory audits, coordinating evidence collection, response workflows, and remediation planning.
Policy & Standards Engineering: Formulate, write, and implement enterprise-level information security policies, procedures, and architectural standards in strict alignment with privacy legislative requirements and industry best practices.
Gap Analysis & Risk Remediation: Evaluate active security postures against leading industry frameworks to identify, document, and remediate compliance gaps.
Executive-Level Strategy & Reporting: Author high-quality technical risk briefings, build cybersecurity program roadmaps, and maintain enterprise risk registers.
Security Testing & Scan Review: Review complex security diagnostics, including vulnerability assessments, penetration testing reports, and automated scans, converting findings into prioritizable mitigation tasks.
Enterprise GRC Tool Deployment: Support the strategic rollout, configuration, and optimization of modern enterprise governance, risk, and compliance software suites.
Stakeholder Advisory & Briefings: Lead strategic alignment workshops and steering discussions to communicate risk management concepts clearly to both engineering squads and executive leadership.
Qualifications
Information Security Audit Mastery: Minimum 8 years of direct, hands-on experience navigating and executing complex IPC (Information Privacy Commissioner) triennial audits and OAGO (Office of the Auditor General) audits (Strictly Required).
Threat and Risk Assessment Expertise: Minimum 5 years of comprehensive experience conducting formal security Threat and Risk Assessments (TRAs) using NIST CSF, HTRA, and ISO 27001 frameworks (Strictly Required).
Security Governance & Policy Engineering: Minimum 5 years of dedicated experience architecting information security governance programs, authoring policies, and running gap analyses against industry standards (Strictly Required).
Executive Advisory & Risk Reporting: 5+ years of professional experience authoring executive briefings, designing security program metrics, and maintaining enterprise risk registers (Strictly Required).
Public Sector Compliance Alignment: Deep, functional familiarity working within public-sector-adjacent compliance frameworks, including PHIPA legislative rules, SOC 2 Type II, and provincial security standards.
Technical Security Literacy: Solid working knowledge of security controls, cryptographic safeguards, network vulnerability testing, and IT management models (such as COBIT and SABSA).
Soft Skills: Outstanding consultative facilitation, technical writing, and communication mechanics, with an established history of translating complex vulnerabilities into clean, business-oriented risk mitigation steps.
Nice to Have:
Professional security designations (such as CISSP, CISA, CISM, CRISC, or CCSP).
Bachelor's or Master’s degree in Computer Science, Cyber Security, Information Technology, or a related quantitative field.
Summary
f you're interested in the "Senior Security Specialist" role based in Toronto, we encourage you to apply online at www.randstad.ca. Only qualified candidates will be contacted for the next steps. We look forward to hearing from you!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to affect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible) and; members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applications please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.
show more