Information Security Specialist (ID#5097)

Information Security Specialist (ID#5097)

New Value Solutions, a national IT consulting company, is seeking an Information Security Specialist to manage and deliver professional, technical, and analytical IT security services. This role will be responsible for providing strategic and tactical planning, development, evaluation, and coordination of the security systems and controls that support organizational business goals. Reporting directly to the Director of Information Technology, the specialist will lead the ongoing enhancement and protection of enterprise systems.

Location: Toronto, Ontario, Canada

• Own and manage all security systems, configurations, and related policies.
• Lead the Vulnerability Management program—analyzing threat data, validating control effectiveness, and recommending mitigation strategies.
• Monitor and assess emerging cybersecurity threats; ensure timely patching and configuration updates across systems.
• Analyze cybersecurity tools, alerts, and incidents to ensure compliance with security best practices and standards.
• Investigate cybersecurity events and incidents; conduct root cause analysis and develop prevention strategies.
• Perform security risk assessments and evaluate the effectiveness of existing security controls.
• Support penetration testing activities and lead remediation efforts.
• Ensure compliance with information security frameworks such as ISO 27001 and NIST; support internal and external audit processes.
• Correlate technical information across systems to assess potential security risks and incidents.
• Prepare periodic security posture reports.
• Assist in developing, testing, and maintaining business continuity and disaster recovery plans.
• Enforce policies related to antivirus, endpoint protection, firewall, vulnerability, and patch management.
• Maintain system compliance through regular scans for malware, phishing, and other threats.
• Respond to and resolve escalated security-related support tickets.
• Create and maintain security documentation and process records.
• Participate in broader IT initiatives as needed.

• Bachelor’s degree or college diploma in computer science, systems administration, engineering, or equivalent.
• 5+ years of relevant industry experience in information security.
• 5+ years in a similar role within a mid- to large-scale enterprise environment.
• 2+ years of operational support experience.
• 2+ years of experience managing vendors in a technical capacity.
• Industry certifications such as CompTIA Security+, GIAC GVA, CISSP, Cisco, VMware, or Microsoft are desirable.
• Equivalent combinations of education and experience may be considered.

• Proven experience managing a Vulnerability Management program.
• Familiarity with ISO 27001 / 27002, ISO 15408, and NIST Cybersecurity Framework.
• Deep understanding of network security and hands-on experience with Cisco platforms (ISE, AnyConnect, AMP, Meraki, SecureX, ASA, FirePower).
• Experience with Microsoft technologies (M365, Azure, Windows Server, Active Directory).
• Strong knowledge of operating systems (Windows, Linux) and web applications.
• Familiarity with email security and DLP tools (Mimecast, Proofpoint, Barracuda, Cisco ESG, EOP).
• Understanding of virtualization, data center technologies, backups, and DR solutions (Veeam, ComVault, ZERTO).
• Excellent communication and documentation skills.
• Strong analytical thinking and time management abilities.
• Familiarity with law firm environments is considered an asset.

• Not Applicable

• Full-time

• Information Technology

• IT Services and IT Consulting