IT - Security Specialist V
Commercial Metals
US
Remote

25 days ago

Job Description

Job Description: IT - Security Specialist V

Start Date: ASAP
Duration: 8 months with possible extension
Work Location: 2 days on site, 3 days work from home – 4 days on site at some point in 2026. There is a possibility of working at a different Hub location within Ontario, however, the Toronto office is highly preferred.
Anchor Days: Flexible
Address: 310-320 Front Street West Corporate, Toronto, Ontario
Travel Required: No
Possibility of any Additional Upcoming Furlough: Standard

Story Behind the Need

Reason for Request / Why Opened: Project support
Scope of Project: uplifting reporting space within GRC groups
Team Size / Culture: 10 people, collaborative working environment
Training Period: Client onboarding and hit the ground running
Selling Points of Position (CVP): Opportunity for long-term, very high visibility work with leadership team, opportunity to network and grow within bank

Candidate Profile Details

Degree / Level of Education: Post secondary is a nice to have – work experience is more important
Certifications Required: Nothing required
Years of Overall Experience: 8+ years with flexibility
How Performance Will Be Measured: hitting deliverables and timelines
Preferred / Ideal Candidate Background: banking or financial experience is an asset, strong BI tool experience and advanced level Excel skills

Role Summary

The Technology & Cyber Issues Reporting and Insights Lead is responsible for developing and delivering executive-level reporting and insights for cybersecurity and technology issues management, including control gaps, audit findings, regulatory matters requiring attention, risk acceptances/exceptions (as applicable), and corrective action plan progress. This role synthesizes inputs from the Three Lines of Defense (3LoD) to create a consistent, defensible view of technology and cyber issue health: severity, aging, trends, root causes, themes/patterns, and risk impact. This includes deep analysis of systemic issues and recurring control gaps and presenting these insights to senior leadership and risk committees. This role does not own issue remediation execution. It owns the portfolio intelligence, reporting integrity, and governance-facing narrative.

Typical Day-to-Day Responsibilities

- 25% of their day will be spent in meetings
- Interacting with internal partners

Will the contractor have access to any customer data? No

Key Responsibilities

Issues Portfolio Reporting & Governance Packs

Produce recurring issues management reporting for:
- Technology Risk Committees
- Cyber Governance forums
- Operational risk committees
- Senior leadership and board-level reporting as required

Create standardized portfolio views including:
- issue aging (by severity, domain, owner)
- SLA breaches and overdue CAPs
- open vs closed trends
- issue reopen rates / repeat issues
- thematic/systemic issues and recurring control gaps

3LoD Alignment & Reporting Integrity

Integrate and normalize reporting across the Three Lines of Defense:
- 1LoD: technology/cyber control owners, remediation teams
- 2LoD: cyber GRC / operational risk oversight
- 3LoD: internal audit results and findings

Ensure consistent “language of risk” across lines:
- severity/criticality tiers
- materiality thresholds
- taxonomy alignment (risk/control/requirement)
- defensible classification between issue vs control gap vs improvement item

Control Gap & Issues Trend Analysis (Patterns + Root Cause Themes)

Identify patterns such as:
- recurring failures in the same control objectives
- systemic breakdowns (process, tooling, accountability)
- concentration risk (teams or platforms driving issue volume)
- persistent audit repeats or remediation failures

Perform thematic analyses across:
- domains (IAM, VM, SOC, Cloud, AppSec, Data Protection)
- technology types (legacy platforms, SaaS, endpoints)
- control families (access, logging, change mgmt, third party)

Develop “what’s driving this?” insights and forward-looking risk signals.

Executive Narratives & Committee Readouts

Translate issue portfolio data into:
- clear storylines
- drivers/root causes
- risk impact narratives (“why this matters”)
- clear asks and decisions

Develop meeting talking points and executive briefs for the CISO / CIO / CRO.
Challenge owners’ narratives when unsupported, unclear, or inconsistent with data.

Issues Data Quality, Evidence & Defensibility

Own portfolio reporting controls and evidence trails:
- reconciliation between issue system-of-record and reports
- data quality checks (missing owners, dates, severities)
- audit-ready documentation supporting committee materials

Maintain standard definitions for reporting measures such as:
- aging calculation rules
- breach logic
- reopen logic
- issue closure evidence expectations

Continuous Improvement & Automation Enablement

Improve issues reporting through:
- better visuals and templates
- automation of reporting feeds (e.g., Archer, ServiceNow IRM/GRC)
- better taxonomy and structured issue capture

Define requirements for dashboards and analytics (but not responsible for building ETL pipelines).

Core Skills & Competencies

- Excellent risk writing and executive storytelling
- Strong judgment: materiality, severity, and escalation triggers
- Deep attention to accuracy and consistency (reporting defensibility)
- Ability to influence and challenge across 1LoD/2LoD/3LoD
- Strong process governance and delivery rigor (deadlines / committees)

Key Deliverables

- Monthly/quarterly Technology & Cyber Issues Portfolio Pack
- Executive dashboards: aging, breaches, themes, repeats, closure health
- Thematic control gap reporting and systemic issue analysis
- Committee briefing notes, risk narratives, and action/decision logs
- Definitions document + reporting controls for defensibility

Success Measures

- Improved transparency and consistency in issue portfolio reporting
- Reduction in reporting disputes due to strong definitions + data controls
- Earlier detection of thematic/systemic control gaps
- Strong audit/regulatory defensibility of committee materials
- Leadership confidence in issue health interpretation and prioritization

Must-Have Hard Skills

1.) 8+ years of experience in cyber/technology risk, issues management, audit reporting, cyber GRC, or enterprise operational risk.
2.) Demonstrated experience building leadership reporting packs for:
- issue health
- audit/regulatory outcomes
- control performance and remediation execution tracking
3.) Strong understanding of:
- issues management lifecycle (identify → validate → remediate → verify/close)
- CAP governance
- issue severity rating frameworks
- risk/control relationships and materiality

Soft Skills

1.) Exceptional written communication and storytelling skills (ability to produce executive-ready narratives).
2.) Strong executive presence with the ability to challenge and influence senior stakeholders.
3.) Strong attention to detail

Nice-to-Have

1.) Experience working in a 3LoD operating model in a highly regulated environment (financial services/insurance/healthcare).
2.) Familiarity with control frameworks:
- NIST 800-53 / NIST CSF
- ISO 27001
- COBIT
3.) Tooling exposure:
- Archer / ServiceNow IRM / MetricStream
- Jira for engineering remediation tracking
- Power BI/Tableau (consumption and report formatting)
4.) Certifications (nice-to-have): CRISC, CISA, CISSP, CISM

Applicant Notices & Disclaimers

For information on benefits, equal opportunity employment, and location-specific applicant notices, click here

At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws. This position’s starting pay is: $80.00/hr.
