We are seeking a highly credentialed Sr. Cybersecurity Analyst for a 24-month engagement in Toronto. This role is focused on the Governance, Risk, and Compliance (GRC) aspects of both Information Technology (IT) and Operational Technology (OT) environments. You will lead critical risk mitigation efforts, conduct comprehensive Privacy Impact Assessments (PIAs), and establish robust security governance frameworks to protect the City's infrastructure and critical cyber systems.
Duration: 24-month contract
Location: Toronto, ON (Hybrid – 2 to 3 days onsite per week)
Rate: $63.85-$70.51/hr
Advantages
Long-Term Impact: A 24-month term allows for the deep implementation of a mature security posture across a large municipal ecosystem.
OT/IT Convergence: Gain high-value experience protecting both traditional enterprise IT and critical industrial operational technology.
Strategic Visibility: Influence high-level policy and strategy while providing predictive analytics to senior leadership.
Professional Growth: Work at the intersection of privacy law and technical cybersecurity, a high-demand niche in the current market.
Responsibilities
Risk Assessment Leadership: Conduct end-to-end security and privacy risk assessments for new and existing systems, analyzing controls and evaluating security architecture across IT and Industrial (OT) environments.
Privacy & Compliance: Lead Privacy Impact Assessments (PIAs) and ensure strict adherence to Canadian regulations including PHIPA, MFIPPA, CASL, and the Critical Cyber Systems Protection Act (CCSPA).
Governance Frameworks: Develop, enhance, and communicate enterprise-wide security policies, standards, and procedures aligned with frameworks such as NIST CSF, ISO 27001/2, and ISA/IEC 62443.
Vulnerability Management: Analyze security controls and perform gap assessments to validate program compliance, facilitating the remediation of control gaps and escalating critical risks to leadership.
Third-Party Risk Management (TPRM): Perform due diligence on third-party vendors and review security sections of procurement documents (RFIs/RFPs, Contracts, POs) to ensure vendor adherence to security standards.
Compliance Design: Design and document technical, administrative, and physical controls to meet both the requirements and the intent of regulatory obligations.
Predictive Risk Analytics: Provide focused risk analytics to de-risk business strategies, optimize capital use, and ensure business objectives are met securely.
Qualifications
Experience: 10+ years in Information Technology, with 7+ years of dedicated Cybersecurity experience in GRC and 5+ years specifically conducting Privacy Risk/Impact Assessments.
Mandatory Certification: Must hold either CRISC (Certified in Risk and Information Systems Control) or CISSP (Certified Information Systems Security Professional).
Framework Expertise: Deep knowledge of NIST CSF, ISO/IEC 27001, ISA/IEC 62443 (OT/ICS), NERC CIP, and SOC2.
Technical Breadth: Strong background in Security Architecture (Cloud/Hybrid/OT) and networking principles (TCP/IP, SAMLv2, OAuth, SSL/TLS).
Regulatory Knowledge: Expert application of Canadian privacy and cyber security legislation.
Education: University degree in Computer Science, Cybersecurity, or a related field.
Soft Skills: Exceptional written and verbal communication skills with fastidious attention to detail and a proven ability to manage multiple priorities in a fast-paced environment.
Deliverables
Comprehensive Security & Privacy Risk Assessment reports.
Updated Security Governance and Compliance standards.
Third-party Cyber Risk Management due diligence reports.
Documented technical and administrative control designs.
Project-specific GRC advisory artifacts.
Summary
If you are a GRC expert with a passion for protecting critical infrastructure and a deep understanding of the Canadian regulatory landscape, we encourage you to apply today!
Randstad Canada is committed to fostering a workforce reflective of all peoples of Canada. As a result, we are committed to developing and implementing strategies to increase the equity, diversity and inclusion within the workplace by examining our internal policies, practices, and systems throughout the entire lifecycle of our workforce, including its recruitment, retention and advancement for all employees. In addition to our deep commitment to respecting human rights, we are dedicated to positive actions to effect change to ensure everyone has full participation in the workforce free from any barriers, systemic or otherwise, especially equity-seeking groups who are usually underrepresented in Canada's workforce, including those who identify as women or non-binary/gender non-conforming; Indigenous or Aboriginal Peoples; persons with disabilities (visible or invisible); and members of visible minorities, racialized groups and the LGBTQ2+ community.
Randstad Canada is committed to creating and maintaining an inclusive and accessible workplace for all its candidates and employees by supporting their accessibility and accommodation needs throughout the employment lifecycle. We ask that all job applicants please identify any accommodation requirements by sending an email to accessibility@randstad.ca to ensure their ability to fully participate in the interview process.
This posting is for existing and upcoming vacancies.