Senior Specialist, Cyber Compliance Program

Senior Specialist, Cyber Compliance Program

Location: Toronto, ON (Hybrid)

Estimated Duration: 6 months

Senior Specialist – Cyber Compliance (IT/OT)
The Senior Specialist – Cyber Compliance Program will assess cybersecurity compliance, supporting the CISO division, and relevant stakeholders. This role ensures alignment with cybersecurity standards and frameworks.
Duties

• Conduct cybersecurity compliance assessments of the Client and their affiliates' environments  
• Participate in regular cybersecurity compliance review to assess and improve the Client's cyber security posture. 
• Contribute to the development of Cyber Compliance Program, IT & OT methodologies, and processes for improving security assessments. 
• Assess IT and OT systems, networks, and applications to identify potential vulnerabilities, risks, and areas of improvement. 
• Evaluate security frameworks, policies, and controls against industry standards and regulatory requirements (e.g., NIST, ISA-62443, etc). 
• Prepare detailed reports documenting findings, including identified vulnerabilities, risks, and recommendations for mitigation strategies. 
• Work closely with Business, OT, IT, network security, and other stakeholders to ensure security practices are integrated into systems and projects. 
• Assist with preparing compliance documentation for reviews. 
• Test and validate security controls such as firewalls, encryption, access controls, and intrusion detection/prevention systems (IDS/IPS) for effectiveness. 
• Recommend improvements to the cybersecurity posture based on test results. 
• Provide expert guidance on security best practices, risk management, and threat mitigation to internal teams and management. 
• Document assessment processes, findings, and remediation steps in clear, concise, and comprehensive reports. 

Experience and Qualifications

• Post-secondary degree or diploma in Engineering or Technology or a related discipline 
• A minimum of 6-8 years hands-on experience with securing IT and OT domains in Government jurisdictions and or large private sector organizations. 
• Strong foundational Operational Technology, IT and cybersecurity knowledge 
• Extensive experience with Industrial Control Systems, PLCs, and SCADA Systems 
• Technical expertise in IT/OT integration and convergence. 
• Expertise in security protection solutions including firewall, intrusion detection and protection systems, web application firewalls, anti-virus, and security monitoring solutions. 
• Cyber Certifications are an asset such as?CISSP, CCSP, CISM, ISA, GIAC, GRID 
• Experience with Incident Response planning in IT and preferably OT environments. 
• Strong Proficiency in MS Office specifically MS Visio, Excel, PowerPoint, Project, SharePoint 
• Tenacious and willing to support the team during peak volumes and workloads with various activities. 
• Ability to achieve business objectives through influencing and effectively working with key stakeholders. 
• Excellent written & verbal communication skills (comfortable & confident communicating at all levels including business partners, leadership and vendors 
• Demonstrated ability to prioritize and effectively manage competing priorities and projects in flight and planned. 

Deliverables

• Track cyber risks / create and maintain cyber risk registry and Action Plan with assignment, due date etc. for remediation of cyber risks in CI environments.
• Design, review and make recommendations to improve on secure network architecture and technology roadmaps.
• Reports and presentations for all levels of management and stakeholders.
• Provide input to cyber Incident Response processes and artefacts applicable to CIs.
• Provide input to cyber Governance artefacts (policies, standards) and practices applicable to CIs.
• Other duties/deliverables as assigned for CI cybersecurity governance and compliance.