Jobs.ca

Security Specialist Threat Risk Assessment 10341-0910

Foilcon, 18 days ago
Toronto, ON
Senior level
Contract

About the role

HM Note: This contract role is remote, and candidates work remotely. Candidates must reside in Ontario, Canada. Candidate resumes must include first and last name, email and telephone contact information. This role commences April 1, 2026.

Description

  • Manage and maintain the Information Security Management System (ISMS), including design and implementation of new information security controls, processes, continuous improvement and documentation
  • Provide ongoing operations as required by ISO/IEC 27001:2013, including developing annual information security plan, monitoring performance of ISMS, preparing monthly status report, conducting annual audit and managing
  • Lead and support creation of change Security and Privacy impact assessments for system changes
  • Liaison between users and other team members
  • Implement and maintain security and privacy audit management program and framework
  • Primary point of contact for coordinating and communicating between Security and Privacy resources and technical implementation and business teams
  • Work with operation Leads and stakeholders to identify and manage security standards, privacy legislation, compliance and business risks
  • Provide operational support for application systems: Management Information Systems (MIS) and Human Resource Information Systems (HRIS). Ensure compliance with security and privacy best practices (ISO 27000).

Skills

Experience and Skill Set Requirements

Public Sector Experience

  • 2+ years of experience working in the healthcare industry
  • Knowledge of personal health information protection legislative requirements and how they apply to developing and maintaining healthcare systems containing personal health

Technical Skills

  • 5+ years of experience as a privacy expert including:
  • Managing privacy risks in the collection, use, and disclosure of assessment information within and between HSPs
  • Leading end-to-end operational risk assessments, including selecting risk methodologies, identifying privacy compliance gaps, priorities, dependencies and redundancies, and recommending process remediation or simplification implementing information privacy best practices in the operation of healthcare systems containing personal health information
  • Developing, implementing and operating information security and privacy risk management programs based on the ISO/IEC 17799/27001/27799 standards, including strategic planning, benefits-driven approaches, performance evaluations and implementation plans
  • Implementing information security and privacy best practices, including but not restricted to, risks to the security of data (such as financial information) and risks to the privacy of personal information
  • Experience with commonly used business software (e.g. word processing, spreadsheet, database management) in order to develop complete systems, user and operations documentation

Privacy Impact Assessment (PIA) Skills

  • Extensive experience in conducting conceptual, logical and physical Privacy Impact Analyses (PIAs) and Threat Risk Analyses (TRAs)
  • Experience in testing privacy and security functions
  • Extensive experience of implementing and operating security technologies and conducting vulnerability assessments and penetration testing

Stakeholder Engagement and Communication Skills

  • Proven track record for building strong working relationships
  • Strong interpersonal, verbal and written communication skills
  • Excellent customer service skills, including tact and diplomacy to ensure client needs are managed effectively
  • Excellent analytical, problem-solving and decision-making skills
  • Ability to apply strong listening skills to facilitate issue resolution
  • A motivated, flexible, creative team player with perseverance, excellent multi-tasking abilities and a proven track record for meeting strict deadlines

Must Haves:

  • Leading end-to-end operational risk assessments, including selecting risk methodologies, identifying privacy compliance gaps, priorities, dependencies and redundancies, and recommending process remediation or simplification implementing information privacy best practices in the operation of healthcare systems containing personal health information
  • Developing, implementing and operating information security and privacy risk management programs based on the ISO/IEC 17799/27001/27799 standards, including strategic planning, benefits-driven approaches, performance evaluations and implementation plans

About Foilcon

IT Services and IT Consulting
1-10

At Foilcon, we are focused on delivering results to our clients and on being their go-to partner for technical services, application development, integration and training. This leads us to our goals of being a great partner and being the good guys.
With our global resources, we bring the rest of the world within reach to our customers. Our nimble, experienced team moves from ideas to execution rapidly. Our motto: There is always a way.