Role: Senior Information Security Advisor
Location: North York, ON
Type: Contract
Rate: CAD55/hr - CAD65/hr
Note: Reliability Clearance in a must have.
Role Overview:
We are seeking an experienced Senior Information Security Advisor to support enterprise initiatives by assessing information security risks, providing security consulting, and ensuring compliance with organizational security policies and industry best practices. The successful candidate will partner with business and technology teams to identify, evaluate, and mitigate security risks across projects, applications, cloud environments, and third-party vendors.
Key Responsibilities
- Conduct Information Security Risk Assessments (ISRAs) for business initiatives, applications, and technology projects.
- Perform security reviews of third-party vendors and suppliers, identifying risks and recommending mitigation measures.
- Review contracts and agreements to ensure appropriate security requirements and controls are incorporated.
- Provide guidance on information security best practices and support the implementation of effective security controls.
- Evaluate proposed solutions and initiatives for alignment with organizational security policies, standards, and regulatory requirements.
- Partner with business, technology, compliance, legal, privacy, and risk management teams to address security concerns and improve overall security posture.
- Assess cloud-based platforms, SaaS solutions, and technology services from a security and risk perspective.
- Identify, document, track, and report information security risks and support remediation efforts with risk owners.
- Prepare reports and presentations outlining assessment findings, risk levels, remediation recommendations, and ongoing security activities.
- Support policy exception reviews and provide recommendations regarding security-related decisions.
- Stay current with emerging cybersecurity threats, vulnerabilities, technologies, and industry trends.
Required Qualifications
- Minimum 7+ years of experience in Information Security, Cybersecurity, Information Technology, or a related field.
- Strong background in Information Security Risk Management and security assessment methodologies.
- Deep understanding of security principles, frameworks, standards, and best practices.
- Experience assessing and mitigating security risks across enterprise applications, infrastructure, and technology initiatives.
- Strong knowledge of cybersecurity technologies such as:
- Encryption
- Firewalls and Web Application Firewalls (WAF)
- Intrusion Detection and Prevention Systems (IDS/IPS)
- Data Loss Prevention (DLP)
- Security Information and Event Management (SIEM)
- Advanced Threat Protection solutions
- DDoS mitigation technologies
- Experience conducting cloud security assessments in AWS, Azure, and SaaS environments.
- Knowledge of common cyber threats, attack vectors, and corresponding security controls.
- Experience reviewing security requirements within contracts, vendor agreements, or procurement processes.
- Bachelor's degree, college diploma, or equivalent education/training in Computer Science, Information Technology, Cybersecurity, Information Security, Risk Management, or a related discipline.
Preferred Qualifications
- Professional certifications such as:
- CISSP
- CCSP
- CISM
- CISA
- Other relevant cybersecurity certifications
- Experience working in highly regulated enterprise environments.
- Familiarity with security governance, risk, and compliance practices.
Skills & Competencies
- Excellent verbal and written communication skills.
- Ability to communicate complex technical concepts to non-technical stakeholders.
- Strong analytical, problem-solving, and risk assessment capabilities.
- Exceptional stakeholder management and consulting skills.
- Ability to influence decisions and drive consensus across cross-functional teams.
- Self-motivated with the ability to work independently and manage multiple priorities.
- Strong report-writing, documentation, and presentation skills.
- Strategic thinker with a proactive approach to security risk management.
Nice to Have
- Knowledge of security frameworks such as NIST, ISO 27001, CIS Controls, or similar standards.
- Experience with enterprise cloud security governance and architecture reviews.
- Exposure to privacy, regulatory compliance, and third-party risk management programs.