Risk Management Specialist – TRA, Cloud & Third-Party Security to support large cybersecurity project with client in public sector

Location: Hamilton, ON

Work Model: 2 Days Onsite Mandatory (Tues/Weds) / following week 3 days/week

Hours: 35/Week

Contract: 3-4 months + possibility of extension

• Lead and conduct Threat and Risk Assessments (TRAs) across on‑prem, cloud, and hybrid environments.
• Perform cloud security risk assessments for platforms such as AWS, Azure, or GCP, identifying architectural and configuration risks.
• Execute third‑party/vendor risk assessments, including review of security questionnaires, SOC reports, and supporting evidence.
• Document risk findings clearly and provide practical, prioritized mitigation recommendations.
• Partner with technical, business, and compliance teams to ensure risks are understood and addressed.
• Ensure alignment with internal risk management policies and external regulatory or industry standards.

• Hands-on experience creating, contributing to, and delivering Threat and Risk Assessments (TRAs).
• Strong understanding of risk management frameworks and standards (e.g., NIST, ISO 27001, CIS).
• Working knowledge of cloud security concepts, shared responsibility models, and common cloud risks.
• Experience assessing third-party security posture and identifying supply chain risks.
• Ability to clearly communicate risk, impact, and remediation options to both technical and non-technical stakeholders.

• Intermediate to senior-level experience delivering TRAs in complex or regulated environments.
• Prior experience conducting TRAs for government or public sector organizations.
• Familiarity with regulatory requirements impacting cloud and third-party risk (e.g., privacy, data residency).
• Experience integrating risk assessment outcomes into broader enterprise risk management programs.