Sr. IT Security Specialist, Third Party Risk - 55747

Annex Consulting Group

$90K — $130K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree or relevant certifications in Information Security or a related field.
  • 8+ years of experience in cyber risk assessment and risk management.
  • 3+ years specifically in third-party cyber risk assessment experience.
  • In-depth knowledge of IT security disciplines and risk management practices.
  • Ability to influence and communicate effectively with various stakeholders at all levels.

Responsibilities

  • Lead and execute third-party cyber risk assessments for global suppliers.
  • Coordinate with stakeholders to scope and plan assessments based on risk levels.
  • Communicate assessment findings to both internal and external parties.
  • Develop and validate risk mitigation strategies and remediation plans.
  • Ensure compliance with internal standards and industry best practices during assessments.
  • Contribute to the development of a global third-party cybersecurity framework.
  • Identify opportunities for process improvements within the cyber risk assessment function.

Benefits

  • Hybrid work model with 2 days in-office based in Toronto.
  • Opportunity to work in a leading financial institution.
  • Engagement with a diverse team of 25 professionals.
  • Involvement in complex and high-impact projects.
  • Potential for influence on technology risk management culture.
Full Job Description
# of positions: 1

Business Unit: 4 - Chief Information Security Office

Duration: Jan 30th 2026

Extension possible: Yes

Conversion Possible: No

Interview Process: 1 round Virtual ( format = Panel )

Work Location: HYBRID, Toronto, Ontario ( In office 2 days a week )

CANDIDATE PROFILE DETAILS:

Degree/Certifications Required:

Years of experience: 8yrs +

Reason for request/why opened: Replacement

% Interaction with Stakeholders: 70%

Project Scope: BAU

Team Size: 25 ppl

Selling Points of Position: Working within a leading FI organization

SUMMARY OF DAY TO DAY RESPONSIBILITIES:

About the role: We are looking for someone to lead and execute third party cyber risk assessments of global suppliers. The assessor will provide specialized expertise and guidance on assessing risks, identifying potential gaps and providing security solutions to mitigate risks and protect the bank. The assessor may also participate in department initiatives of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level.
• Coordinate with key risk stakeholders to initiate, scope and plan third party cyber risk assessments of new and existing suppliers of all risk levels.
• Lead or contribute to the completion of third-party cyber risk assessments at the business application, portfolio, or overall enterprise level.,
• Communicate the cyber risk assessment results to internal and external stakeholders.
• Coordinate with risk stakeholders to identify appropriate risk mitigation and remediation plans. Perform validation of the risk mitigation and remediation plans upon implementation.
• Complete assessments in accordance with internal procedures and standards, industry frameworks and best practices.
• Guide partners on a broad range of specific Technology Controls and Information Security programs, policies, standards and incidents.
• Contribute to the definition, development, and oversight of a global third-party cyber security management strategy and framework.
• Adhere to internal policies and procedures, technology control standards, and applicable regulatory guidelines.
• Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement.
• Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise.

Must haves:

3+ years of third party cyber risk assessment/assessor experience.

Expert knowledge of IT security and risk disciplines and practices.

Advanced knowledge of organization, technology controls, security and risk issues.

Demonstrated ability to participate in complex, comprehensive or large projects and initiatives.

Ability to serve as a lead expert resource in technology controls and information security for project teams, the business, organization and outside vendors.

NICE TO HAVE

Information Security Certification / Accreditation is an asset.

Similar Jobs

More Information Technology Jobs

Find similar Sr. IT Security Specialist, Third Party Risk - 55747 jobs: