Security Specialist - Senior at Innosystech Inc — NeverHard

Job Title: Security Specialist Senior Location: Toronto, Ontario Work Model: Hybrid Must Have 10+ years of experience in security risk management & threat assessments Strong knowledge of risk frameworks (ISO 31000, NIST RMF) Hands-on experience with threat modelling methodologies (STRIDE, DREAD) Expertise in identifying and prioritizing vulnerabilities across cyber, physical, and operational domains Experience with risk assessment matrices and risk evaluation techniques Strong reporting & stakeholder communication skills (technical + executive) Knowledge of regulatory/compliance frameworks (e.g., PHIPA) Description Responsibilities Conduct end-to-end Threat Risk Assessments (TRA) Develop and apply threat models and risk frameworks Identify vulnerabilities and assess risk likelihood & impact Maintain risk registers and assessment documentation Produce detailed TRA reports and mitigation strategies Collaborate with stakeholders to align security with business goals Support audit, compliance, and governance activities Perform gap analysis against standards and best practices Stay updated on emerging threats and security trends Contribute to continuous improvement of security risk management frameworks General Skills Strong analytical and critical thinking ability Excellent written and verbal communication Ability to work on complex, high-risk environments Strong documentation and reporting expertise Ability to manage priorities in fast-paced environments Proactive and adaptive mindset Desirable Skills Public sector experience Familiarity with ISO 27001, NIST CSF, CIS Controls Experience with tools like Nessus, OpenVAS Knowledge of MITRE ATT&CK, PASTA frameworks Primary Skills Threat Risk Assessment (TRA) Threat Modelling (STRIDE, DREAD) Risk Management Frameworks (ISO, NIST) Vulnerability Assessment Security Governance & Compliance Secondary Skills Gap Analysis Risk Register & Reporting Security Documentation Stakeholder Communication Audit & Compliance Support Skills Breakdown Technical & Functional 50% TRA execution and reporting Threat modelling and risk analysis Security frameworks and compliance Vulnerability and risk identification Stakeholder & Delivery 30% Business and executive communication Reporting and presentation Collaboration with cross-functional teams Professional Skills 20% Communication (written & verbal) Time management & prioritization Independent and team-based delivery