Closed
Duration: Contract, 6 months to start
The role:
We currently have an opportunity for a contract Cyber Security Controls Tester & Consultant working for one of our consulting clients.
About the Role:
Our client is seeking an experienced IT Security Controls Tester & Consultant to support the identification and mitigation of operational, IT, and regulatory risks. This role is essential in implementing enterprise-wide risk management initiatives, improving IT security controls, and ensuring compliance with industry standards. As a key player in cybersecurity and risk management, you will work across multiple business units, driving strategic security improvements and ensuring that technology risks are managed effectively.
This is a senior-level position, offering exposure to enterprise-wide risk programs, and providing opportunities to influence IT security strategies and regulatory compliance efforts.
Key Responsibilities:
Control Testing & Risk Assessment:
- Execute risk-based control assessments to evaluate the design, implementation, and effectiveness of IT and operational controls.
- Participate in all phases of the internal control monitoring process, including planning, testing, risk evaluation, and mitigation strategies.
- Perform concurrent control testing engagements, ensuring quality standards, timelines, and best practices are met.
- Document control testing results, issues, and recommendations in a clear and concise manner.
- Establish and maintain strong working relationships with business units, IT teams, and risk management functions.
- Act as a trusted advisor, guiding teams on control documentation and compliance best practices.
- Collaborate with 2nd and 3rd Lines of Defense (2LOD & 3LOD), including internal audit teams, to align security controls with regulatory expectations.
- Aggregate, analyze, and articulate findings and recommendations to senior leadership and regulatory bodies.
- Coordinate with stakeholders to log, manage, and track control deficiencies, ensuring timely remediation.
- Assess remediation plans to confirm they are designed to effectively reduce risk and align with organizational risk appetite.
- Verify corrective actions and provide oversight to ensure risk mitigation strategies are successfully implemented.
- Maintain an in-depth understanding of IT security frameworks, cybersecurity regulations, and industry best practices, including:
  - ISO 27001, NIST 800-53, NIST CSF, NIST 800-171, COBIT, SOC 2
  - OSFI, FINRA, SEC, OCC, FRBNY, and other financial services regulations
- Support regulatory examinations and audits, providing expertise on IT control environments.
- Ensure IT security controls align with financial services regulations, hybrid cloud security requirements, and risk management expectations.
- Bachelor's degree in Computer Science, Engineering, Information Security, or a related field.
- Preferred certifications such as CRISC, CISA, CISSP.
- 5+ years of experience in IT Security, IT Risk Management, IT Audit, or Cybersecurity, with at least 3 years focused on controls testing, compliance, or security assessments.
- Experience within financial services, public accounting (Big 4), or IT regulatory environments.
Technical Skills & Knowledge:
- Strong understanding of IT risk management, cybersecurity frameworks, and regulatory compliance requirements.
- Experience with control testing methodologies for Cybersecurity, Cloud Security, IT Operations, and Network Security.
- Familiarity with hybrid cloud environments and enterprise security controls.
Industry Frameworks & Regulations:
- Experience working with ISO 27001, NIST 800-53, NIST CSF, NIST 800-171, COBIT.
- Knowledge of financial sector compliance (OSFI, FINRA, SEC, OCC).
- Understanding of hybrid cloud security requirements and enterprise risk management.
Additional Experience:
- Big 4 consulting or IT risk audit experience (Nice to Have)
- Prior experience working in cybersecurity or IT risk management teams.
--
CorGTA is an equal opportunity employer. Please apply with an updated resume, and ensure it includes the required skills for this position that you are able to speak to.
For more roles like this please go to www.corgta.com/find-a-job/