IT Security Risk & Compliance Specialist

LeverageTek is actively seeking an IT Security Risk & Compliance Specialist for a 6-month contract with its Ottawa-based customer

Work Location

The successful candidate will be required to work 1x/week on-site at the customer location in Ottawa

Key Tasks

• Responsible for developing and performing cybersecurity risk, compliance, and threat management capabilities with a focus on threat risk assessments and risk management related to vendors, partners, and technology solutions
• Provide IT security and risk advisory support, including for domains of vendor and supply-chain security, SDLC and project risks
• Contribute to the development and performance of security risk and compliance management programs and associated governance frameworks and processes
• Perform IT security risk assessment processes, including completion of assessment report documentation and summary presentations as necessary
• Perform supply chain security assessments across IT products, SaaS and hosted services, and other 3rd party support services partners to ensure security controls are appropriate for business needs and the sensitivity of data involved
• Contribute to the development and continuous improvement of risk assessment processes and governance frameworks and documentation
• Support the integration and continuous improvement of IT security risk and compliance management into IT architecture, engineering, software, system integration, and system development lifecycle processes
• Prepare reports, policies, standards, and other documentation of a high standard regarding cyber security guidance and/or requirements
• Support the development and documentation of cybersecurity policies, guidelines and security operational procedures
• Provide high quality and customer-focused support to both IT and internal user/stakeholder clients by responding to requests and assignments in a timely, respectful, constructive, and responsive manner
• Perform other related duties as needed

Key Qualifications

• 8+ years experience conducting IT security threat and risk assessments (TRA) and preparing formal TRA reporting documentation
• Expertise assessing current state compliance against selected IT security and control frameworks, standards, or audit charter objectives
• Experience developing effective IT security policy, standard, and guideline documentation

Qualifications

• University degree in Computer Science/Engineering or College diploma
• Experience preparing risk, compliance, and/or security program planning and status reporting
• Experience selecting, implementing, and ensuring conformance with IT Security industry best practices and relevant standards and regulations (e.g., NIST Cybersecurity Framework, ISO/IEC 27001/2, COBIT, SOC 2, Information Security Forum, PCI-DSS, Cloud Security Alliance, SANS, CIS Benchmarks, etc.)
• Experience selecting, applying, and assessing security control implementation for the following: Commercial SaaS platforms and tools; Azure infrastructure services (including virtual machines, network security groups, and network zoning and infrastructure-as-code (IaC) automation); Azure native services (such as backup, encryption, and monitoring); Microsoft 365 services; On premise network infrastructures (including boundary protections, monitoring, and network zoning); Portable and mobile computing devices (including Windows and Mac laptops, and mobile iOS platforms)
• Experience implementing, monitoring, and reporting from Azure and M365 portals and tools for supporting compliance, vulnerability management, and security score posture optimization
• Expertise developing governance frameworks and associated documentation for IT security risk management or compliance programs
• Experience with Microsoft Purview, specifically related to label policy and information protection control implementation
• Experience developing future state security capability profiles and IT security strategy towards achieving desired future state
• Experience conducting security maturity and gap assessments against a desired target control posture state
• Experience applying IT security and compliance concepts to Google Cloud Platform (GCP) environments
• Excellent written and oral interpersonal communications skills
• Results oriented with excellent time and project management skills

Assets

• French considered a strong asset

About LeverageTek Staffing Solutions

Founded in 2003, LeverageTek provides end-to-end, cross-functional staffing solutions throughout North America. We are a trusted partner to leading private and public sector organizations and experts in talent solutions that create optimal business outcomes.

Don’t let our name fool you. Our roots are in technology, but we are also a proven leader in accounting and finance, sales and marketing, human resources, supply chain, and legal talent acquisition. We offer contract and permanent staffing, executive search, talent mapping, management consultancy, and contractor payroll management.

LeverageTek is an equal opportunity employer. We offer a welcoming and inclusive environment in service to one another, our customers, the candidates we represent, and the diverse communities we call home. We do all of this with kindness, empathy, and respect for each other. LeverageTek is committed to employment equity and creating a diverse and inclusive workplace. We welcome applications from all qualified individuals regardless of race, religion, gender, national origin, age, disability, and marital status.

Accessibility accommodations are available upon request