IT Security Risk & Compliance Specialist

LeverageTek Staffing Solutions is seeking an IT Security Risk & Compliance Specialist for a 6-month contract based in Ottawa.

Work Location: The candidate must work 1x/week onsite at the Ottawa client location.

1. Develop and perform cybersecurity risk, compliance, and threat management, focusing on threat risk assessments and risk management involving vendors, partners, and technology solutions.
2. Provide IT security and risk advisory support, including vendor and supply-chain security, SDLC, and project risks.
3. Contribute to security risk and compliance management programs, governance frameworks, and processes.
4. Conduct IT security risk assessments, prepare assessment reports, and deliver summary presentations.
5. Perform supply chain security assessments for IT products, SaaS, hosted services, and third-party partners to ensure security controls meet business needs.
6. Improve risk assessment processes and governance documentation continuously.
7. Support integration of security risk and compliance into IT architecture, engineering, and SDLC processes.
8. Prepare high-standard reports, policies, standards, and cybersecurity guidance documentation.
9. Develop and document cybersecurity policies, guidelines, and operational procedures.
10. Provide high-quality support to IT and internal stakeholders, responding promptly and professionally.
11. Perform other related duties as needed.

1. 8+ years in IT security threat and risk assessments, with formal reporting experience.
2. Expertise in assessing compliance against IT security frameworks, standards, or audit objectives.
3. Experience in developing IT security policies, standards, and guidelines.

1. University degree in Computer Science/Engineering or College diploma.
2. Experience in risk, compliance, and security program planning and reporting.
3. Knowledge of industry standards like NIST, ISO/IEC 27001/2, COBIT, SOC 2, PCI-DSS, etc.
4. Experience with security controls for SaaS, Azure, Microsoft 365, on-premises infrastructure, and mobile devices.
5. Proficiency in Azure and M365 compliance, vulnerability management, and security scoring.
6. Experience with governance frameworks and documentation for security risk management.
7. Knowledge of Microsoft Purview and information protection controls.
8. Ability to develop security strategies and maturity assessments.
9. Experience with GCP security concepts.
10. Excellent communication skills and project management abilities.

• French language skills are a strong asset.

Founded in 2003, LeverageTek provides staffing solutions across North America, specializing in technology, accounting, finance, sales, HR, supply chain, and legal talent acquisition. We offer both contract and permanent staffing, executive search, and related services.

LeverageTek is committed to diversity, inclusion, and equal opportunity employment. Accessibility accommodations are available upon request.