Day To Day Responsbilities:

• The Manager will lead end-to-end security and technology risk assessments for third-party vendors, SaaS platforms, enterprise applications, and emerging AI-based solutions.
• This includes reviewing vendor documentation and evidence such as SOC 2 reports, ISO 27001 certifications, and other security artifacts to evaluate security posture and identify potential control gaps.
• They will conduct vendor interviews and technical validation sessions, reviewing architecture diagrams, data flows, and integration patterns to identify potential risks related to data protection, identity access management, multi-tenancy, and cloud architecture design.
• The role also involves translating technical findings into clear risk statements, remediation requirements, or compensating controls that can be communicated to business stakeholders.
• The Manager will also support AI and GenAI solution assessments, evaluating how vendors handle data usage, governance, model integration, and security controls to ensure responsible and secure adoption of emerging technologies.
• In addition to third-party reviews, the role will perform periodic security control assessments of internal enterprise systems and applications, ensuring continued alignment with enterprise security standards.
• The individual will also participate in cross-functional control reviews across key domains such as IAM and PAM to identify systemic security gaps and improve overall control maturity across the organization. Strong communication and stakeholder management skills are critical, as the role requires presenting findings and recommendations to both technical teams and executive stakeholders, often defending risk positions and escalating concerns when necessary.

Must Haves: 

• 10–15+ years of experience in Cybersecurity, Technology Risk, or Information Security 
• Strong experience performing third-party/vendor security assessments and technology risk reviews
• Deep understanding of SaaS security, cloud architectures, and vendor product security evaluations
• Experience reviewing architecture diagrams, data flows, and integration models to identify risk
• Knowledge of security frameworks such as NIST, ISO 27001, SOC 2, CIS, OWASP, or COBIT
• Experience evaluating security controls across IAM, data protection, application security, vulnerability management, and incident response  Strong stakeholder communication and presentation skills with ability to translate technical risk into business decisions
• Experience producing structured risk assessment reports and executive summaries.
• pay range : 80-86/hr without benefits

We may use AI-enabled and/or automated tools to support parts of our recruitment process, including application screening, interview scheduling, and candidate communications. These tools are used to enhance consistency and efficiency. All hiring decisions involve human review and are not based solely on automated processing.

The Company offers a total rewards package in accordance with all applicable federal, provincial, and local laws and requirements. Benefit eligibility and offerings vary based on role, employment status, and work location. For contractor positions, benefits are limited to those entitlements and protections required by applicable law, which may include (as applicable) vacation pay, public holidays, leaves of absence, and other legally mandated benefits or payments.