About this role
RQ00671 - 2 x Sr. Security Specialist 2 openings - 2 submissions 10-month contracts (195 business days)
ONSITE 5 days - 525 University Avenue Must Haves: 10+ years of experience in all of the following: • In-depth knowledge of risk management frameworks (e.g., ISO 31000, NIST RMF) and threat modelling methodologies (e.g., STRIDE, DREAD). • Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains. • Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios. • Proficiency risk assessment matrices • Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders. • Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPAA). • Proactive mindset and situational awareness to anticipate and adapt to emerging threats in a dynamic risk environment. Nice-to-have: • Public Sector experience
Description: The Security Specialist for Threat Risk Assessment, Threat Modelling, Vulnerability Assessment, Risk Identification will develop new workflows and contribute to the growth and maturity of the Security Risk Management and Information Security Office growth and maturity Responsibilities: The Senior Security Specialist will be responsible for conducting Threat Risk Assessments (TRA) plays a critical role in identifying, evaluating, and mitigating security risks across the organization's systems, processes, and assets. That includes participating in end-to-end risk assessment initiatives, developing and applying threat models, and working closely with stakeholders to understand business objectives and risk tolerance. The Senior Security Specialist will analyze vulnerabilities, assess potential threats, and determine the likelihood and impact of various risk scenarios, and will also be responsible for compiling detailed TRA reports, maintaining risk registers, and proposing actionable mitigation strategies and alignment with regulatory, industry, and organizational security standards, and effectively communicate findings to both technical teams and executive leadership. Additionally, the Security Specialist will contribute to the continuous improvement of risk management frameworks, support audit and compliance activities, and stay informed about emerging threats and security best practices. Desired Skills: • Risk Management & Assessment ? 10?15 years • Proven experience in conducting threat risk assessments using frameworks like ISO 31000, NIST RMF, or FAIR. • Threat Modeling ? 10?15 years • Practical knowledge of threat modeling techniques (e.g., STRIDE, PASTA, MITRE ATT&CK), including development of data flow diagrams and attack vectors. • Information Security Governance ? 7+ years • Strong understanding of security policies, standards, and controls aligned with ISO 27001, NIST CSF, and CIS Controls. • Communication & Reporting ? 10+ years • Skilled in writing technical and executive-level reports, risk registers, and presenting to stakeholders and leadership. Deliverables: • TRA Report: A comprehensive document outlining identified threats, vulnerabilities, risks, and proposed mitigation strategies, tailored to the organization's context. • Risk Register: A structured log of all identified risks, inclu