Senior Cyber Security Specialist

Project Overview

Supply Ontario is expanding and maturing its cyber security program to strengthen security posture, protect sensitive data, and ensure continuity of operations amid evolving cyber threats. The initiative will establish a comprehensive program with continuous improvement of proactive and reactive controls across confidentiality, integrity, and availability, spanning cloud security, vulnerability management, cyber risk management, security operations, incident response, threat intelligence, security architecture, policy, compliance, and training.

Key Responsibilities

• Support the development and continuous improvement of a comprehensive cyber security program aligned to organizational needs, risk profile, and regulatory requirements
• Define and implement cloud security strategies, architectures, and controls to ensure secure adoption and operation of cloud services
• Support the maturity of Security Operations Center (SOC) capabilities, including monitoring, detection, investigation, and response processes
• Establish and support effective vulnerability management capabilities, including scanning, prioritization, remediation tracking, and risk reporting
• Coordinate cyber security projects and initiatives, including planning, scheduling, risk management, stakeholder communication, and delivery oversight
• Define, track, and report on cyber security KPIs and metrics to measure program effectiveness, support risk-based decisions, and drive continuous improvement
• Support the development, maintenance, and governance of cyber security policies, standards, and procedures aligned to industry best practices
• Conduct and support cyber risk and threat assessments, including identification of vulnerabilities and development of mitigation strategies
• Support and coordinate incident response activities, including preparation, detection, containment, eradication, recovery, and post-incident analysis
• Establish and maintain relationships with cyber security vendors and service providers, including performance monitoring and alignment to security requirements
• Support compliance activities, including regulatory alignment, internal/external audits, and security assessments
• Support cyber security awareness and training initiatives to strengthen organizational security culture
• Evaluate, recommend, and support implementation of cyber security tools, technologies, and controls to improve security posture
• Produce regular reporting on cyber security posture, risks, incidents, vulnerabilities, and compliance status for stakeholders
• Define, evaluate, and assess security architecture requirements for enterprise systems and IT projects, ensuring security-by-design principles are applied
• Ensure security and contingency measures are integrated into system development and operational processes
• Provide after-hours support as required for security events or high-priority operational needs

Qualifications & Requirements

REQUIRED

• Must be able to work 5 days onsite per week
• 7+ years of hands-on cyber security experience supporting security operations, incident response, threat intelligence, secure architecture, and other security assurance activities
• Experience designing, implementing, and securing cloud environments (e.g., Azure), including cloud-native security controls and architecture best practices
• Strong experience supporting and coordinating incident response activities, including cross-functional coordination and incident lifecycle management
• Demonstrated experience in project delivery, including planning, coordination, stakeholder engagement, and execution of security initiatives
• Strong business analysis skills, including requirements gathering, documentation, and translating business needs into security solutions and risk-based recommendations
• Strong knowledge of cyber risk management frameworks and conducting threat risk assessments with associated mitigation strategies
• In-depth knowledge of industry standards and frameworks such as NIST 800-53, ISO/IEC 27001, and CIS Controls
• Experience working with SOC audit reports (including SOC 2 Type II) and supporting audit/compliance activities
• Strong understanding of cyber security concepts including vulnerabilities, threats, encryption, defense-in-depth, authentication, risk management, and security operations
• Knowledge of threat modeling and adversary frameworks such as Cyber Kill Chain, MITRE ATT&CK, Diamond Model, and IOCs
• Experience supporting vulnerability management, including scanning, prioritization, remediation tracking, and reporting
• Experience supporting cyber security awareness and training programs across organizations
• Strong experience managing cyber security vendors and service providers, including performance oversight and service level management
• Ability to adapt to changing priorities in agile or evolving project environments
• Experience coordinating and supporting security architecture requirements for systems and enterprise IT projects

NICE TO HAVE

• Bachelor’s degree in Information Technology, Computer Science, Cyber security, or related discipline
• Relevant certifications such as CISSP, CCSP, SSCP, Security+, or GIAC certifications

Key Skills & Competencies

Azure, Cloud security, Cloud architecture, Security operations, SOC, Incident response, Threat intelligence, Vulnerability management, Vulnerability scanning, Threat modeling, MITRE ATT&CK, Cyber Kill Chain, Diamond Model, IOCs, NIST 800-53, ISO/IEC 27001, CIS Controls, SOC 2 Type II, Cyber risk management, Threat risk assessments, Security architecture, Security controls, Encryption, Authentication, Defense-in-depth, Security policies, Compliance, Security assessments, Security awareness training, KPIs, Security metrics