IT - Security Specialist V
Spectraforce
Toronto, Ontario
2 hours ago
Job Description
Job Description: IT - Security Specialist V
Start Date: ASAP
Duration: 8 months with possible extension
Work Location
Possibility of any Additional Upcoming Furlough: Standard
Story Behind the Need
Reason for Request / Why Opened: Project support
Scope of Project: uplifting reporting space within GRC groups
Team Size / Culture: 10 people, collaborative working environment
Training Period: Client onboarding and hit the ground running
Selling Points of Position (CVP): Opportunity for long-term, very high visibility work with leadership team, opportunity to network and grow within bank
Candidate Profile Details
Degree / Level of Education: Post secondary is a nice to have – work experience is more important
Certifications Required: Nothing required
Years of Overall Experience: 8+ years with flexibility
How Performance Will Be Measured: hitting deliverables and timelines
Preferred / Ideal Candidate Background: banking or financial experience is an asset, strong BI tool experience and advanced level Excel skills
Role Summary
The Technology & Cyber Issues Reporting and Insights Lead is responsible for developing and delivering executive-level reporting and insights for cybersecurity and technology issues management, including control gaps, audit findings, regulatory matters requiring attention, risk acceptances/exceptions (as applicable), and corrective action plan progress.
This role synthesizes inputs from the Three Lines of Defense (3LoD) to create a consistent, defensible view of technology and cyber issue health: severity, aging, trends, root causes, themes/patterns, and risk impact. This includes deep analysis of systemic issues and recurring control gaps and presenting these insights to senior leadership and risk committees.
This role does not own issue remediation execution. It owns the portfolio intelligence, reporting integrity, and governance-facing narrative.
Typical Day-to-Day Responsibilities
Key Responsibilities
Issues Portfolio Reporting & Governance Packs
Produce recurring issues management reporting for:
3LoD Alignment & Reporting Integrity
Integrate and normalize reporting across the Three Lines of Defense:
Control Gap & Issues Trend Analysis (Patterns + Root Cause Themes)
Identify patterns such as:
Executive Narratives & Committee Readouts
Translate issue portfolio data into:
Challenge owners’ narratives when unsupported, unclear, or inconsistent with data.
Issues Data Quality, Evidence & Defensibility
Own portfolio reporting controls and evidence trails:
Continuous Improvement & Automation Enablement
Improve issues reporting through:
Core Skills & Competencies
Key Deliverables
Success Measures
Must-Have Hard Skills
1.) 8+ years of experience in cyber/technology risk, issues management, audit reporting, cyber GRC, or enterprise operational risk.
2.) Demonstrated experience building leadership reporting packs for:
Soft Skills
1.) Exceptional written communication and storytelling skills (ability to produce executive-ready narratives).
2.) Strong executive presence with the ability to challenge and influence senior stakeholders.
3.) Strong attention to detail
Nice-to-Have
1.) Experience working in a 3LoD operating model in a highly regulated environment (financial services/insurance/healthcare).
2.) Familiarity with control frameworks:
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 80.00/hr.
Start Date: ASAP
Duration: 8 months with possible extension
Work Location
- 2 days on site, 3 days work from home – 4 days on site at some point in 2026.
- There is a possibility of working at a different Hub location within Ontario, however, the Toronto office is highly preferred.
- Anchor Days: Flexible
- Address: 310-320 Front Street West Corporate, Toronto, Ontario
Possibility of any Additional Upcoming Furlough: Standard
Reason for Request / Why Opened: Project support
Scope of Project: uplifting reporting space within GRC groups
Team Size / Culture: 10 people, collaborative working environment
Training Period: Client onboarding and hit the ground running
Selling Points of Position (CVP): Opportunity for long-term, very high visibility work with leadership team, opportunity to network and grow within bank
Degree / Level of Education: Post secondary is a nice to have – work experience is more important
Certifications Required: Nothing required
Years of Overall Experience: 8+ years with flexibility
How Performance Will Be Measured: hitting deliverables and timelines
Preferred / Ideal Candidate Background: banking or financial experience is an asset, strong BI tool experience and advanced level Excel skills
The Technology & Cyber Issues Reporting and Insights Lead is responsible for developing and delivering executive-level reporting and insights for cybersecurity and technology issues management, including control gaps, audit findings, regulatory matters requiring attention, risk acceptances/exceptions (as applicable), and corrective action plan progress.
This role synthesizes inputs from the Three Lines of Defense (3LoD) to create a consistent, defensible view of technology and cyber issue health: severity, aging, trends, root causes, themes/patterns, and risk impact. This includes deep analysis of systemic issues and recurring control gaps and presenting these insights to senior leadership and risk committees.
This role does not own issue remediation execution. It owns the portfolio intelligence, reporting integrity, and governance-facing narrative.
- 25% of their day will be spent in meetings
- Interacting with internal partners
- Will the contractor have access to any customer data? No
Issues Portfolio Reporting & Governance Packs
Produce recurring issues management reporting for:
- Technology Risk Committees
- Cyber Governance forums
- Operational risk committees
- Senior leadership and board-level reporting as required
- issue aging (by severity, domain, owner)
- SLA breaches and overdue CAPs
- open vs closed trends
- issue reopen rates / repeat issues
- thematic/systemic issues and recurring control gaps
Integrate and normalize reporting across the Three Lines of Defense:
- 1LoD: technology/cyber control owners, remediation teams
- 2LoD: cyber GRC / operational risk oversight
- 3LoD: internal audit results and findings
- severity/criticality tiers
- materiality thresholds
- taxonomy alignment (risk/control/requirement)
- defensible classification between issue vs control gap vs improvement item
Identify patterns such as:
- recurring failures in the same control objectives
- systemic breakdowns (process, tooling, accountability)
- concentration risk (teams or platforms driving issue volume)
- persistent audit repeats or remediation failures
- domains (IAM, VM, SOC, Cloud, AppSec, Data Protection)
- technology types (legacy platforms, SaaS, endpoints)
- control families (access, logging, change mgmt, third party)
Translate issue portfolio data into:
- clear storylines
- drivers/root causes
- risk impact narratives (“why this matters”)
- clear asks and decisions
Challenge owners’ narratives when unsupported, unclear, or inconsistent with data.
Own portfolio reporting controls and evidence trails:
- reconciliation between issue system-of-record and reports
- data quality checks (missing owners, dates, severities)
- audit-ready documentation supporting committee materials
- aging calculation rules
- breach logic
- reopen logic
- issue closure evidence expectations
Improve issues reporting through:
- better visuals and templates
- automation of reporting feeds (e.g., Archer, ServiceNow IRM/GRC)
- better taxonomy and structured issue capture
- Excellent risk writing and executive storytelling
- Strong judgment: materiality, severity, and escalation triggers
- Deep attention to accuracy and consistency (reporting defensibility)
- Ability to influence and challenge across 1LoD/2LoD/3LoD
- Strong process governance and delivery rigor (deadlines / committees)
- Monthly/quarterly Technology & Cyber Issues Portfolio Pack
- Executive dashboards: aging, breaches, themes, repeats, closure health
- Thematic control gap reporting and systemic issue analysis
- Committee briefing notes, risk narratives, and action/decision logs
- Definitions document + reporting controls for defensibility
- Improved transparency and consistency in issue portfolio reporting
- Reduction in reporting disputes due to strong definitions + data controls
- Earlier detection of thematic/systemic control gaps
- Strong audit/regulatory defensibility of committee materials
- Leadership confidence in issue health interpretation and prioritization
1.) 8+ years of experience in cyber/technology risk, issues management, audit reporting, cyber GRC, or enterprise operational risk.
2.) Demonstrated experience building leadership reporting packs for:
- issue health
- audit/regulatory outcomes
- control performance and remediation execution tracking
- issues management lifecycle (identify → validate → remediate → verify/close)
- CAP governance
- issue severity rating frameworks
- risk/control relationships and materiality
1.) Exceptional written communication and storytelling skills (ability to produce executive-ready narratives).
2.) Strong executive presence with the ability to challenge and influence senior stakeholders.
3.) Strong attention to detail
1.) Experience working in a 3LoD operating model in a highly regulated environment (financial services/insurance/healthcare).
2.) Familiarity with control frameworks:
- NIST 800-53 / NIST CSF
- ISO 27001
- COBIT
- Archer / ServiceNow IRM / MetricStream
- Jira for engineering remediation tracking
- Power BI/Tableau (consumption and report formatting)
- CRISC, CISA, CISSP, CISM
Applicant Notices & Disclaimers
- For information on benefits, equal opportunity employment, and location-specific applicant notices, click here
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $ 80.00/hr.