Overview
Our Client is seeking two Senior Security Specialists with extensive experience in Threat Risk Assessments (TRA), threat modeling, vulnerability assessment, and security risk management.
The successful candidates will support the growth and maturity of the Security Risk Management and Information Security Office by conducting end-to-end risk assessments, identifying security risks, developing threat models, and recommending mitigation strategies aligned with industry standards and regulatory requirements.
Key Responsibilities
- Conduct comprehensive Threat Risk Assessments (TRAs) across systems, applications, business processes, and organizational assets.
- Identify, evaluate, and prioritize security threats and vulnerabilities.
- Develop and apply threat modeling methodologies to assess risk exposure.
- Analyze the likelihood and impact of security threats and risk scenarios.
- Maintain risk registers and document identified risks, owners, and remediation plans.
- Produce detailed assessment reports and executive-level summaries.
- Collaborate with business and technical stakeholders to understand risk tolerance and business objectives.
- Recommend practical mitigation and remediation strategies.
- Support security governance, audit, compliance, and risk management initiatives.
- Ensure alignment with organizational, regulatory, and industry security standards.
- Contribute to continuous improvement of security risk management practices and frameworks.
- Stay current with emerging cybersecurity threats, vulnerabilities, and best practices.
Mandatory Qualifications (10+ Years)
Candidates must demonstrate:
- Deep knowledge of risk management frameworks such as:
  - ISO 31000
  - NIST Risk Management Framework (RMF)
- Strong experience with threat modeling methodologies such as:
- Expertise in:
  - Threat identification and analysis
  - Vulnerability assessment
  - Risk prioritization across cyber, physical, and operational environments
- Strong analytical and risk assessment capabilities, including:
  - Risk assessment matrices
  - Risk scoring methodologies
- Excellent communication and reporting skills with experience presenting findings to:
  - Technical teams
  - Senior leadership
  - Executive stakeholders
- Knowledge of legal, regulatory, and compliance requirements, including:
  - PHIPA/PHIPAA
  - Industry security standards
- Ability to proactively identify emerging threats and adapt to changing risk landscapes.
Desired Skills & Experience
Risk Management & Assessment (10-15 Years)
- Conducting TRAs using frameworks such as:
Threat Modeling (10-15 Years)
- Experience with:
- Creation of:
  - Data flow diagrams
  - Attack trees
  - Threat models
Information Security Governance (7+ Years)
- Strong understanding of:
  - ISO 27001
  - NIST Cybersecurity Framework (CSF)
  - CIS Controls
Communication & Reporting (10+ Years)
- Executive reporting
- Technical documentation
- Risk registers
- Stakeholder presentations
Key Deliverables
The consultant will be expected to produce:
- Threat Risk Assessment (TRA) Reports
- Risk Registers
- Threat Modeling Diagrams
- Risk Assessment Matrices
- Asset Inventory and Classification Documentation
- Vulnerability Assessment Reports
- Security Gap Analysis Reports
- Mitigation and Remediation Plans
- Executive Summaries
- Compliance Mapping Documentation
- Stakeholder Presentation Decks