12 MO CONTRACT
2-3 days a week Downtown, Toronto
Required Skills & Experience
• 7+ years of experience in information security, technology risk, cybersecurity governance, audit, or compliance roles.
• Extensive experience working with Audit, Operational Risk Management (ORM), regulators, and risk stakeholders.
• Strong understanding of cybersecurity frameworks, technology controls, and regulatory requirements.
• Experience testing and assessing technology controls
• Experience developing remediation plans and managing enterprise-level risk initiatives.
• Proven ability to lead complex audit, compliance, and governance activities involving multiple stakeholders.
• Experience developing and reporting KPIs/KRIs related to security and risk management.
Nice to Have Skills & Experience
• CISSP, CISA, CISM, CRISC, or equivalent cybersecurity certifications.
• Experience with GRC platforms and governance tools such as Jira, Confluence, SharePoint, or similar solutions.
• Experience supporting large-scale vulnerability management, patching, or technology risk programs.
• Experience within banking, financial services, or another highly regulated industry.
• Exposure to enterprise security governance, risk reporting, and regulatory examinations
Job Description
The Information Security Specialist will serve as a senior subject matter expert within the Vulnerability Remediation Office (VRO), leading audit, regulatory, and enterprise risk initiatives. This individual will drive security governance activities, provide strategic guidance on technology controls, and partner with stakeholders across the organization to strengthen compliance and risk management practices.
Day-to-Day Responsibilities
• Lead regulatory and internal audit engagements, including evidence collection, reporting, and stakeholder management.
• Perform risk and control assessments and develop remediation strategies for identified control gaps.
• Advise technology and business partners on security controls, information security standards, and governance requirements.
• Support enterprise technology risk reporting, KPI/KRI development, and control effectiveness tracking.
• Collaborate with infrastructure, engineering, and security teams to ensure compliance with security policies and remediation standards.
• Contribute to the development and enhancement of security frameworks, standards, policies, and risk management practices.