Contract Duration: 18 months with possibility of extension
Job Description:
- Lead the creation, drafting, and finalization of comprehensive cyber system risk reports for internal clients and stakeholders.
- Translate and synthesize complex technical findings from Threat and Risk Assessments (TRAs) and penetration tests into clear, actionable business insights for non-technical stakeholders.
- Quickly integrate into the existing Assurance team workflow and manage the cyber risk reporting queue for the duration of the engagement.
- Apply industry-standard cyber risk frameworks, including National Institute of Standards and Technology (NIST) and the Harmonized Threat and Risk Assessment (HTRA) methodology, to assess, document, and communicate risk.
- Document, track, and report cyber risks in ServiceNow Governance, Risk, and Compliance (GRC), including risk register entries, treatment plans, exceptions, and remediation tracking.
- Convert technical vulnerability and threat findings into clear business impact statements and risk treatment recommendations for senior stakeholders.
- Support governance forums, internal audit, and regulatory inquiries with clear written and verbal communication of cyber risk posture.
- Maintain the quality, consistency, and timeliness of the Assurance team's reporting outputs across the engagement.
- Provide guidance to team members on report quality, framework alignment, and effective risk articulation, as required.
- Produce documentation, artifacts, and reporting required for stakeholders, governance forums, and leadership.
- Other activities and deliverables, as required.
Required Skills:
- University Degree or College Diploma in computer science, information security, risk management, or a related field.
- A minimum of five (5) years of recent demonstrated experience in cyber security, technology risk, or a related discipline.
- A minimum of three (3) years of recent demonstrated experience producing executive-grade cyber risk reports for senior business and technology stakeholders.
- Demonstrated working knowledge and practical application of NIST cyber security risk frameworks (e.g., NIST CSF, NIST SP 800-30, NIST SP 800-53).
- Demonstrated working knowledge and practical application of the Harmonized Threat and Risk Assessment (HTRA) methodology.
- Demonstrated recent hands-on experience using ServiceNow GRC for documenting, tracking, and reporting on cyber risks, including risk register and issue management modules.
- Demonstrated experience interpreting penetration test and Threat & Risk Assessment (TRA) outputs and converting them into clear, actionable business language.
- Demonstrated strong written and verbal communication skills, with the ability to deliver sensitive risk information to business leaders in a clear, objective, and consultative manner.
- Demonstrated strong knowledge of common cyber vulnerabilities, exploit methods, and risk remediation strategies, with the ability to map technical risks to business impact.
- Demonstrated ability to work independently, manage competing priorities, and integrate quickly into an existing team's workflow.
- Demonstrated ability to enforce consistency in language, risk articulation, and formatting across multiple reports, ensuring alignment with enterprise reporting expectations.
- Demonstrated experience leveraging AI-assisted tools to support analysis, content generation, or data processing, with a focus on maintaining accuracy, confidentiality, and alignment with organizational standards.
- Demonstrated strong data comprehension, including the ability to differentiate between structured and unstructured data, understand relationships across data elements, and apply data management principles to ensure consistent, accurate, and reusable reporting outputs.
Desired Skills:
- Demonstrated experience working in financial services, central banking, or other regulated environments and aligning to supervisory expectations.
- Demonstrated knowledge of ISO/IEC 27001 / 27002 / 27005 and other risk management frameworks.
- Demonstrated experience supporting third-party risk management, cloud risk management, or vendor assurance activities.
- Demonstrated experience working alongside vulnerability management, red/blue team, or incident response functions.
- Demonstrated experience integrating ServiceNow GRC with related modules (e.g., ServiceNow Vulnerability Response, IRM) to streamline risk reporting.
- Demonstrated experience converting cloud and emerging-technology risks (e.g., Azure, hybrid cloud, AI) into executive-ready risk reporting.
- Demonstrated familiarity with the bank operating environment and Canadian federal cyber security requirements and expectations.
- Relevant certifications are considered an asset (e.g., CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Auditor, ServiceNow Certified Implementation Specialist - Risk and Compliance).
About US Tech Solutions:
US Tech Solutions is a global staff augmentation firm providing a wide range of talent on-demand and total workforce solutions. To know more about US Tech Solutions, please visit www.ustechsolutions.com
US Tech Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
AI Statement: By applying, you acknowledge that AI-assisted tools may be used during hiring.