Threat Risk Assessment Consultant to Evaluate Security of MD365 in Public Sector

Location: Hamilton, ON – Hybrid (2 Days Onsite: Tuesdays and Wednesdays)

Responsibilities:

• Lead and conduct a comprehensive Threat Risk Assessment (TRA) of the MD365 platform.
• Review the technical configuration, security settings, and customizations of existing applications on the platform.
• Conduct interviews with stakeholders and technical teams to gather necessary assessment data.
• Analyze authorization models, integrations, portal configurations, and data security frameworks.
• Prepare a formal TRA report with findings and actionable recommendations.
• Present results to business stakeholders in a clear, non-technical manner.
• Conduct follow-ups as needed to clarify assessment results and next steps.
• Document the TRA output and ensure final reports are uploaded to the designated SharePoint repository.

Must Haves:

• Strong experience conducting Threat Risk Assessments, ideally in government or regulated environments.
• Experience with Microsoft Dynamics 365 and understanding of its security architecture (authorization, permissions, integrations, Azure connections, etc.).
• Strong knowledge of Microsoft ecosystem security (e.g., Azure AD, API security, GRC controls).
• Ability to communicate technical findings to both technical teams and non-technical business stakeholders.
• Experience assessing platforms with multiple components across security domains.
• Previous experience conducting TRAs for government or public sector clients is preferred.
• Ability to independently produce high-quality documentation, reports, and recommendations.

Nice to Haves:

• Previous experience conducting TRAs for government or public sector clients is preferred.