Cyber Security Specialist

Cybersecurity Vendor Risk & Compliance Specialist

📍 Location: Toronto, ON (Hybrid – 2 days onsite)

📅 Contract Length: 7 months (CAD 70-75/Hour)

🔒 Security & GRC | Vendor Risk | Policy Governance

We are hiring an experienced Cybersecurity Vendor Risk & Compliance Specialist to support a fast-moving security team responsible for protecting enterprise operations from third-party and internal threats. This is a fantastic opportunity for someone who enjoys working across technical and business teams to shape cybersecurity programs and reduce risk.

You’ll play a key role in leading risk assessments, developing governance policies, and working directly with internal stakeholders and vendors to ensure security and compliance at every level of solution delivery.

🔍 What You’ll Do:

• Lead end-to-end vendor security assessments, including risk identification and mitigation planning
• Collaborate with internal teams to define cybersecurity requirements for third-party solutions
• Review vendor contracts during the RFP process to ensure compliance with internal security policies
• Develop and improve cybersecurity governance frameworks, policies, procedures, and control documentation
• Support internal audits, regulatory assessments, and readiness reporting
• Provide clear, well-documented risk reports and present findings to leadership
• Stay current on cybersecurity frameworks and best practices to support ongoing risk management efforts

✅ What You Bring:

• 7+ years of experience in cybersecurity, risk management, or GRC roles
• Strong background in vendor risk assessments and third-party risk management
• Hands-on knowledge of security standards such as PCI-DSS, NIST, ISO 27001
• Previous involvement in RFP, procurement, or contract security review cycles
• Experience working cross-functionally with legal, IT, procurement, and security teams
• Professional certifications such as CISSP, CISM, CCSP, or CISA are strongly preferred
• Excellent written and verbal communication skills — able to present risks and recommendations clearly
• Proficiency with tools like ServiceNow, OneTrust, or similar GRC platforms is a plus

🧩 Nice to Have:

• Experience in regulated or public sector environments
• Background in compliance training or cybersecurity awareness programs
• Familiarity with audit preparation and remediation