Senior Cyber Security Specialist

Join to apply for the Senior Cyber Security Specialist role at Sobeys

Join to apply for the Senior Cyber Security Specialist role at Sobeys

Get AI-powered advice on this job and more exclusive features.

Requisition ID: 189040

Career Group: Corporate Office Careers

Job Category: Cyber Security GRC

Travel Requirements: 0 - 10%

Job Type: Full-Time

Country: Canada (CA)

Province: Nova Scotia; Alberta; Ontario

City: Dartmouth / Stellarton / Calgary / Mississauga

Location: Tahoe Office, Calgary Office, Dartmouth Office, Foord St. Office

Embark on a rewarding career with Sobeys Inc., celebrated among Canada’s Top 100 employers, where your talents contribute to our commitment to excellence and community impact.

Our family of 128,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families.

A proudly Canadian company, we started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1,600 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawtons Drug Stores or another of our great banners but we are all one extended family.

Ready to Make an impact?

Sobeys is full of exciting opportunities, and we are always looking for bright new talent to join our team! We currently have a full-time opportunity for a Senior Cyber Security Specialist. This role can be based out of one our main offices including: Stellarton, NS; Mississauga, ON.

Here’s Where You’ll Be Focusing

Senior Cyber Security Specialist – GRC | TPRM

Responsibilities

• Lead the execution and continuous improvement of the Third-Party Risk Management (TPRM) program.
• Manage and triage the intake process for third-party cybersecurity assessments, ensuring timely and efficient handling of requests from business units.
• Collaborate closely with procurement, legal, privacy, enterprise risk, and business stakeholders to evaluate and onboard vendors in alignment with cybersecurity and risk requirements.
• Conduct thorough cybersecurity risk assessments of third-party vendors and service providers, including cloud and SaaS providers.
• Review and assess third-party control documentation (e.g., SOC 2, ISO 27001, SIG, CAIQ) to determine adequacy and alignment with organizational risk tolerance.
• Drive risk remediation activities by working with third parties and internal stakeholders to address identified gaps or weaknesses.
• Maintain a centralized inventory of critical third-party relationships, including risk ratings and assessment statuses.
• Monitor the threat landscape for third-party-related risks, emerging vulnerabilities, or data breaches.
• Contribute to the development and refinement of TPRM policies, standards, procedures, and assessment tools.
• Develop, monitor, and report on KPIs and KRIs related to third-party risk management to ensure program effectiveness and alignment with enterprise risk objectives.
• Create dashboards and regular reports for leadership and governance committees, tracking assessment completion rates, remediation timelines, vendor risk tiering, and emerging threats.
• Analyze KPI trends to identify areas for program improvement and provide recommendations for process optimization.
• Act as a key liaison between cybersecurity and other departments to ensure third-party risk considerations are embedded into procurement, contracting, and business planning processes.
• Support internal and external audit activities related to third-party cybersecurity risks.
• Demonstrate strong attention to detail when reviewing assessment documentation, tracking vendor statuses, and recording risk decisions.
• Ensure the accuracy, completeness, and consistency of risk assessments and related documentation, maintaining high-quality standards across all deliverables.
• Support the Manager, Cybersecurity GRC, with tasks related to Enterprise and IT Risk Management and broader GRC initiatives.
  
  

Requirements

What you have to offer:

• 5+ years of experience in cybersecurity, risk management, or IT audit, with at least 3 years focused on third-party/vendor risk.
• A professional designation in information security, control, or governance (e.g., CISA, CISSP, CRISC, CTPRP) is desirable.
• University degree in Computer Science, Information Security, Risk Management, or a related field.
• Strong working knowledge and experience with IT risk frameworks and standards such as NIST, ISO 27001, SIG, and CSA CCM.
• Proficient in assessing cybersecurity controls and identifying gaps in third-party environments.
• Proven experience in writing cybersecurity and risk policies, procedures, and assessment reports.
• Experience using third-party risk management platforms (e.g., ServiceNow, Archer, OneTrust, ProcessUnity, BitSight, or similar).
• Excellent analytical, communication, and interpersonal skills, with the ability to influence and collaborate across cross-functional teams.
  
  

At Sobeys we require our teammates to have the ability to adhere to a hybrid work model that requires your presence at one of our office locations at least three days per week. This requirement is integral to our commitment to team collaboration and the overall success of our office culture.

We offer a comprehensive Total Rewards package, which varies by role and designed to help our teammates to live better – physically, financially and emotionally.

Some websites share our job opportunities and may provide salary estimates without our knowledge. These estimates are based on similar jobs and postings for general comparison, but these numbers are not provided by our organization nor monitored for accuracy.

We will consider factors such as your working location, work experience and skills as well as internal equity, and market conditions to ensure the selected candidate is paid fairly and competitively. We look forward to discussing the specific compensation details relevant to this role with candidates who are selected to move forward in the recruitment process.

Our Total Rewards programs, for full-time teammates, goes well beyond your paycheque:

• Competitive Benefits Package, tailored to meet your needs, including health and dental coverage, life, short- and long-term disability insurance.
• Access to Virtual Health Care Platform and Employee and Family Assistance Program.
• A Retirement and Savings Plan that provides you with the opportunity to build and add value to your savings.
• A 10% in-store discount at our participating banners and access to a wide range of other discount programs, making your purchases more affordable.
• Learning and Development Resources to fuel your professional growth.
• Parental leave top-up
• Paid Vacation and Days-off
  
  

We are committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process.

• Seniority level
  Mid-Senior level

• Employment type
  Full-time

• Job function
  Engineering and Information Technology
• Industries
  Retail

Referrals increase your chances of interviewing at Sobeys by 2x

Get notified about new Cyber Security Specialist jobs in Calgary, Alberta, Canada.

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.