CAN – Security Specialist V (Cyber Risk Reporting / GRC) (Contract)
Start Date: ASAP
Duration: 8 months
Extension: Possible (based on business needs and performance)
Conversion: Possible (based on business needs and performance)
Schedule: Mon–Fri, core business hours (37.5 hrs/week)
Location: Hybrid – Toronto, ON (2 days onsite; may increase to 4 days)
Overtime: No
Role Overview
Seeking a senior Security Specialist to lead the design, governance, and operationalization of cybersecurity metrics and reporting across GRC and security domains. This role owns the full lifecycle of KRIs/KPIs—from strategy and design through implementation, data quality, executive reporting, and continuous improvement—partnering with domain leaders to translate security strategy and risk appetite into actionable, trusted metrics.
Key Responsibilities
- Define and standardize security metrics (KRIs/KPIs), including taxonomy, thresholds, and escalation logic
- Facilitate stakeholder alignment on metric definitions, ownership, and performance expectations
- Drive implementation and automation of metrics into BI/reporting workflows
- Develop executive-ready dashboards and reporting with clear narratives and insights
- Establish data quality controls, documentation, and governance to ensure metric integrity
- Reduce manual reporting and improve adoption and trust across domains
Required Qualifications
- 8+ years of experience in cybersecurity metrics, cyber risk reporting, GRC, or BI supporting InfoSec/IT
- Strong understanding of security domains (SOC/IR, Vulnerability, IAM/PAM, Cloud, AppSec, Third-Party Risk)
- Advanced Excel and strong PowerPoint skills (executive storytelling)
- Experience with at least one BI tool (Power BI, Tableau, or Qlik)
- Strong written/verbal communication; comfortable presenting to executives
Nice to Have
- Knowledge of frameworks (NIST CSF/800-53, ISO 27001, CIS Controls)
- Experience with automation/data sources (ServiceNow IRM/GRC/SecOps, Archer, Splunk/Sentinel, CrowdStrike, Qualys/Tenable)
- Certifications (CISSP, CISM, CRISC, Security+, ITIL)
- Experience building KPI/KRI governance programs
- Banking/financial services experience
Note: We use AI tools to obtain basic information, detect plagiarism, false employment history or references, categorize skills, and perform an initial match against the job posting.