Primary Job Title:
Security Specialist
Alternate/Related Job Titles:
Cyber Risk Reporting Lead
Technology Risk Reporting Manager
Cyber Governance Reporting Lead
Issues Management & Insights Lead
Location:
Toronto, ON
Onsite Flexibility:
Hybrid (2 days onsite, 3 days remote; may increase to 4 days onsite in 2026)
Contract Details:
Position Type: Contract
Contract Duration: 8 months
Start: As Soon As Possible
Shift: M–F, core business hours (37.5 hours per week, 7.5 hours per day)
Pay Rate: C$90 – C$100/hr
Job Summary:
The Technology & Cyber Issues Reporting and Insights Lead is responsible for developing and delivering executive-level reporting and insights for cybersecurity and technology issues management, including control gaps, audit findings, regulatory matters requiring attention, risk acceptances/exceptions (as applicable), and corrective action plan progress.
This role synthesizes inputs from the Three Lines of Defense (3LoD) to create a consistent, defensible view of technology and cyber issue health including severity, aging, trends, root causes, themes/patterns, and risk impact. The role performs deep analysis of systemic issues and recurring control gaps and presents insights to senior leadership and risk committees. This position owns portfolio intelligence, reporting integrity, and governance-facing narrative, but does not own issue remediation execution.
Key Responsibilities:
Issues Portfolio Reporting & Governance Packs
Produce recurring issues management reporting for Technology Risk Committees, Cyber Governance forums, Operational risk committees, and senior leadership/board-level reporting as required
Create standardized portfolio views including issue aging (by severity, domain, owner), SLA breaches and overdue CAPs, open vs closed trends, issue reopen rates/repeat issues, thematic/systemic issues and recurring control gaps
3LoD Alignment & Reporting Integrity
Integrate and normalize reporting across the Three Lines of Defense:
1LoD: technology/cyber control owners, remediation teams
2LoD: cyber GRC/operational risk oversight
3LoD: internal audit results and findings
Ensure consistent “language of risk” across lines including severity tiers, materiality thresholds, taxonomy alignment, and defensible classification between issue vs control gap vs improvement item
Control Gap & Issues Trend Analysis (Patterns + Root Cause Themes)
Identify recurring failures in control objectives, systemic breakdowns, concentration risk, persistent audit repeats, or remediation failures
Perform thematic analyses across domains (IAM, VM, SOC, Cloud, AppSec, Data Protection), technology types, and control families
Develop forward-looking risk signals and insights into root causes and drivers
Executive Narratives & Committee Readouts
Translate portfolio data into clear storylines, drivers/root causes, risk impact narratives, and decision asks
Develop executive briefs and talking points for CISO/CIO/CRO
Challenge owners’ narratives when unsupported or inconsistent with data
Issues Data Quality, Evidence & Defensibility
Own portfolio reporting controls and evidence trails
Perform reconciliation between system-of-record and reporting outputs
Execute data quality checks and maintain audit-ready documentation
Maintain standard definitions for aging, breach logic, reopen logic, and closure evidence expectations
Continuous Improvement & Automation Enablement
Improve reporting through enhanced visuals, templates, automation of reporting feeds (e.g., Archer, ServiceNow IRM/GRC), and improved taxonomy
Define requirements for dashboards and analytics (not responsible for ETL pipeline builds)
Required Experience:
8+ years of cyber/technology risk or issues management experience
Demonstrated experience building leadership reporting packs covering issue health, audit/regulatory outcomes, and remediation tracking
Strong understanding of issues management lifecycle (identify → validate → remediate → verify/close)
Strong knowledge of CAP governance, issue severity frameworks, and risk/control relationships
Exceptional written communication and executive storytelling skills
Strong executive presence and ability to influence senior stakeholders
Strong attention to detail and reporting defensibility
Nice-to-Have Experience:
Experience operating within a 3LoD model in a highly regulated industry (financial services, insurance, healthcare)
Familiarity with NIST 800-53, NIST CSF, ISO 27001, COBIT
Exposure to Archer, ServiceNow IRM, MetricStream, Jira
Experience consuming/reporting via Power BI or Tableau
Post-secondary education preferred
Certifications such as CRISC, CISA, CISSP, CISM
Required Skills:
Executive risk reporting and storytelling
Issues lifecycle governance and CAP oversight
Risk severity and materiality assessment
Preferred Skills:
3LoD operating model alignment
Control framework knowledge (NIST, ISO, COBIT)
GRC tooling familiarity
Additional Skills:
Strong judgment around escalation triggers
Strong process governance and delivery rigor
Ability to synthesize large volumes of complex data
Ability to influence and challenge across multiple stakeholder groups
Will not have access to customer data
Approximately 25% of time spent in meetings with internal partners
Disqualifiers: job hopping, short contracts, unexplained employment gaps
About the Client:
Top 10 bank in Canada and North America offering comprehensive financial solutions. Providing retail, commercial, wealth management, and wholesale banking services, the organization helps clients thrive in today’s evolving market.
About GTT:
GTT is a minority-owned staffing firm and a subsidiary of Chenega Corporation, a Native American-owned company in Alaska. We highly value diverse and inclusive workplaces and support Fortune 500 organizations across banking, financial services, technology, life sciences, biotech, utilities, and retail sectors throughout the U.S. and Canada.
Job Number:
26-01788