Cyber Risk Assessor

89054
Toronto, ON
Contract
7 hours ago
Hybrid, 3 days on site, Toronto ON
Contract Duration: 6 months + 6 months

Description of Assignment

The Cyber Risk Assessor will support the Division by providing subject matter expertise and operational support across security architecture review, Identity and Access Management (IAM), and cloud security assessment within the Cyber Architecture and Applications portfolio.

The Cyber Risk Assessor will conduct security and architecture assessments, threat modeling, and design/solution reviews across applications, platforms, and cloud environments. The role will identify cybersecurity and IAM control gaps, evaluate risks against the client’s security standards and best practices, and recommend actionable remediation options to strengthen the client’s overall security posture. As a member of the Division, the Cyber Risk Assessor will provide resource augmentation and specialized expertise in cyber advisory services and risk assessment delivery.

The successful candidate will be an experienced cyber risk management professional with strong technical and business transformation acumen, demonstrated solution delivery leadership, and a proven track record of driving alignment between business and technical stakeholders. This role will enable consistent execution of security architecture and IAM priorities including secure design, identity governance, privileged access, and secure cloud adoption through practical guidance, clear risk articulation, and effective stakeholder engagement.
The Specialist will work under a hybrid work model, which is subject to change. The Specialist is required to work from Metro Hall, located at 55 John Street in Toronto, a minimum of 3 days per week. The current hybrid work arrangement can change due to the client mandate and/or at the discretion of Senior Management, and the Specialist may be required to report to work at a specified location up to 5 days per week during the term of the contract. The successful candidate will be working seven (7) hours per day, five (5) days per week, based on normal working Business Hours.

The client reserves the right to disqualify any resource proposed by a Supplier if that resource has previously been engaged as a contractor with the client.

Assignment Duties

  1. Conduct security architecture reviews for new and existing technology solutions (applications, integrations, infrastructure, and cloud services), ensuring designs align with enterprise security standards, architectural principles, and secure-by-design practices.
  2. Perform cyber risk assessments and control gap analyses across programs and projects, documenting risk statements, likelihood/impact, and recommended mitigations that are practical within public sector delivery constraints.
  3. Lead threat modeling activities (e.g., data flow analysis, trust boundaries, misuse/abuse cases) to identify design weaknesses early, reduce downstream remediation effort, and strengthen overall solution resilience.
  4. Assess and advise on IAM architecture and controls, including authentication and authorization patterns, least privilege, role/entitlement design, privileged access management (PAM), identity lifecycle processes (joiner/mover/leaver), and segregation of duties.
  5. Evaluate cloud security architecture and posture across IaaS/PaaS/SaaS implementations, including landing zone and guardrail controls, encryption and key management, secrets management, logging/monitoring, network segmentation, and secure configuration baselines.
  6. Support enterprise governance and assurance gates by producing and maintaining required security artifacts (e.g., security assessment reports, threat models, control mappings, risk acceptances, conditions of approval) and contributing to architecture/security review forums.
  7. Collaborate with cross-functional stakeholders (delivery teams, enterprise architecture, infrastructure/operations, privacy, legal, procurement, and service owners) to translate security requirements into implementable solutions and ensure operational readiness.
  8. Assess third-party and vendor solution risks by reviewing security architecture, IAM integration approaches, cloud control claims, and evidence of control effectiveness, supporting procurement and due diligence activities as needed.
  9. Provide clear, defensible documentation and communication for technical and non-technical audiences, including executive summaries that articulate risk, trade-offs, residual exposure, and decision points to support accountable decision-making.
  10. Track remediation actions and risk treatment outcomes, validating closure of security findings, confirming implementation of compensating controls where required, and escalating material risks through appropriate governance channels.
  11. Contribute to continuous improvement by identifying recurring systemic gaps (architecture, IAM, cloud), recommending updates to standards/patterns, and promoting reusable security reference architectures and templates.

Experience and Qualifications

  1. Post-secondary degree in Business, Technology, Information Security, Computer Science, Engineering, or a related discipline; or an equivalent combination of education and demonstrated experience.
  2. Extensive experience conducting security architecture reviews, cyber risk assessments, and threat modeling for enterprise-scale solutions (applications, integrations, infrastructure, and cloud services) in a large, complex environment.
  3. Demonstrated expertise in Identity and Access Management (IAM), including authentication and authorization design, RBAC/ABAC patterns, privileged access management (PAM), identity lifecycle processes (joiner/mover/leaver), and segregation of duties.
  4. Strong understanding of security frameworks, industry standards, and control baselines, such as NIST (CSF/800-series), ISO/IEC 27001/27002, CIS Controls/Benchmarks, CSA Cloud Controls Matrix (CCM), and relevant privacy/security requirements.
  5. Experience assessing security controls across cloud and hybrid environments (IaaS/PaaS/SaaS), including secure landing zones/guardrails, encryption and key management, logging/monitoring, vulnerability management, secrets management, and secure configuration practices.
  6. Working knowledge of cloud platforms and security services (e.g., Microsoft Azure, AWS, Google Cloud), including native IAM capabilities and security tooling used to enforce and monitor controls.
  7. Experience with application and platform security concepts, including secure SDLC, CI/CD considerations, container and/or serverless patterns, API security, network segmentation, and secure integration design.
  8. Proven ability to produce clear, defensible security documentation and artifacts (e.g., risk assessments, threat models, control mappings, security requirements, residual risk statements, and risk acceptance recommendations) suitable for governance, audit, and executive reporting.
  9. Demonstrated knowledge of governance and assurance processes in regulated or public sector environments, including support for security/privacy review gates, procurement/vendor risk due diligence, and evidence-based decision making.
  10. Demonstrated ability to communicate and coordinate effectively across diverse stakeholders, including internal teams, senior leadership, business partners, and external vendors.
  11. Proven ability to influence outcomes and achieve objectives through collaboration, stakeholder engagement, and sound judgment.
  12. Demonstrated critical thinking, problem solving, and strategic planning skills, applied across diverse types of work and delivery contexts.
  13. Preferred certifications (at least two): CISSP, CISM, CRISC, CCSP, CCSK, GIAC (e.g., GCSA/GCLD), TOGAF, ISO 27001 (LA/LI), or vendor-specific cloud security certifications (e.g., Azure/AWS Security).

 

Deliverables

  1. Status reports and risk assessment reports
  2. All deliverables outlined in Section 2 – Assignment Duties
  3. Other deliverables as directed by management

The pay range that the employer reasonably expects to pay for this position is between CA$80.00 and CA$110.00

Our voluntary benefits offering includes medical, dental, vision and retirement benefits.

This posting is for an existing vacancy.


Tundra Technical Solutions is a global workforce and technology delivery firm, ranked by Staffing Industry Analysts as one of the largest in North America. At Tundra, we aren't just hiring top talent at the world's most recognizable brands; we are pioneers of social recruitment. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other legally protected characteristics. We welcome and encourage diversity in the workplace.

We use artificial intelligence tools to help our recruiters screen and assess talent. These tools do not replace human decision making in the process.
