This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
We are seeking a highly credentialed Sr. Cybersecurity Analyst for a 24-month engagement in Toronto. This role is focused on the Governance, Risk, and Compliance (GRC) aspects of both Information Technology (IT) and Operational Technology (OT) environments. You will lead critical risk mitigation efforts, conduct comprehensive Privacy Impact Assessments (PIAs), and establish robust security governance frameworks to protect the City's infrastructure and critical cyber systems.
Job Responsibility
Risk Assessment Leadership: Conduct end-to-end security and privacy risk assessments for new and existing systems, analyzing controls and evaluating security architecture across IT and Industrial (OT) environments
Privacy & Compliance: Lead Privacy Impact Assessments (PIAs) and ensure strict adherence to Canadian regulations including PHIPA, MFIPPA, CASL, and the Critical Cyber Systems Protection Act (CCSPA)
Governance Frameworks: Develop, enhance, and communicate enterprise-wide security policies, standards, and procedures aligned with frameworks such as NIST CSF, ISO 27001/2, and ISA/IEC 62443
Vulnerability Management: Analyze security controls and perform gap assessments to validate program compliance, facilitating the remediation of control gaps and escalating critical risks to leadership
Third-Party Risk Management (TPRM): Perform due diligence on third-party vendors and review security sections of procurement documents (RFIs/RFPs, Contracts, POs) to ensure vendor adherence to security standards
Compliance Design: Design and document technical, administrative, and physical controls to meet both the requirements and the intent of regulatory obligations
Predictive Risk Analytics: Provide focused risk analytics to de-risk business strategies, optimize capital use, and ensure business objectives are met securely
Requirements
10+ years in Information Technology, with 7+ years of dedicated Cybersecurity experience in GRC and 5+ years specifically conducting Privacy Risk/Impact Assessments
Must hold either CRISC or CISSP
Deep knowledge of NIST CSF, ISO/IEC 27001, ISA/IEC 62443 (OT/ICS), NERC CIP, and SOC2
Strong background in Security Architecture (Cloud/Hybrid/OT) and networking principles (TCP/IP, SAMLv2, OAuth, SSL/TLS)
Expert application of Canadian privacy and cyber security legislation
University degree in Computer Science, Cybersecurity, or a related field
Exceptional written and verbal communication skills with fastidious attention to detail and a proven ability to manage multiple priorities in a fast-paced environment
What we offer
Long-Term Impact: A 24-month term allows for the deep implementation of a mature security posture across a large municipal ecosystem
OT/IT Convergence: Gain high-value experience protecting both traditional enterprise IT and critical industrial operational technology
Strategic Visibility: Influence high-level policy and strategy while providing predictive analytics to senior leadership
Professional Growth: Work at the intersection of privacy law and technical cybersecurity, a high-demand niche in the current market