← Browse all jobs
MI

Threat Modelling Security Specialist (Healthcare) 10+ years of experience

Maarut Inc
Toronto, OntarioOn-site3 weeks ago
Apply Now →

About this role

• In-depth knowledge of risk management frameworks (e.g., ISO 31000, NIST RMF) and threat modelling methodologies (e.g., STRIDE, DREAD). • Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains. • Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios. • Proficiency risk assessment matrices • Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders. • Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPAA). • Proactive mindset and situational awareness to anticipate and adapt to emerging threats in a dynamic risk environment. Responsibilities: The Senior Security Specialist will be responsible for conducting Threat Risk Assessments (TRA) plays a critical role in identifying, evaluating, and mitigating security risks across the organization’s systems, processes, and assets. That includes participating in end-to-end risk assessment initiatives, developing and applying threat models, and working closely with stakeholders to understand business objectives and risk tolerance. The Senior Security Specialist will analyze vulnerabilities, assess potential threats, and determine the likelihood and impact of various risk scenarios, and will also be responsible for compiling detailed TRA reports, maintaining risk registers, and proposing actionable mitigation strategies and alignment with regulatory, industry, and organizational security standards, and effectively communicate findings to both technical teams and executive leadership. Additionally, the Security Specialist will contribute to the continuous improvement of risk management frameworks, support audit and compliance activities, and stay informed about emerging threats and security best practices. Deliverables: • TRA Report: A comprehensive document outlining identified threats, vulnerabilities, risks, and proposed mitigation strategies, tailored to the organization’s context. • Risk Register: A structured log of all identified risks, including severity, likelihood, risk rating, responsible owners, and mitigation actions. • Threat Modeling Diagrams: Visual representations of systems, data flows, and potential threat vectors using models like STRIDE or attack trees. • Risk Assessment Matrix: A visual tool mapping the likelihood and impact of risks to prioritize them effectively. • Asset Inventory & Classification: A list of assets in scope (e.g., systems, applications, data) categorized by value and sensitivity. • Vulnerability Assessment Results: A summary of technical vulnerabilities discovered during the assessment, often with outputs from tools like Nessus or OpenVAS. • Gap Analysis: Identification of discrepancies between current security posture and industry standards, best practices, or regulatory requirements. • Mitigation & Remediation Plan: Detailed action plans with timelines and responsibilities for reducing identified risks to acceptable levels. • Executive Summary: A high-level summary tailored for senior leadership, focusing on key findings, business impact, and strategic recommendations. • Compliance Mapping: Documentation showing how risks and controls align with regulatory or standards frameworks (e.g., NIST, ISO 27001, SOC 2). • Presentation Deck: Slide-based briefing to communicate findings, risks, and recommendations to stakeholders in a clear and digestible format. Must Haves: 10+ years experience: • In-depth knowledge of risk management frameworks (e.g., ISO 31000, NIST RMF) and threat modelling methodologies (e.g., STRIDE, DREAD). • Expertise in identifying, evaluating, and prioritizing threats and vulnerabilities across physical, cyber, and operational domains. • Strong analytical skills to assess potential impacts and likelihoods of various threat scenarios. • Proficiency risk assessment matrices • Excellent communication and reporting abilities to effectively present findings and risk mitigation strategies to both technical teams and executive stakeholders. • Familiarity with legal, regulatory, and compliance requirements, ensuring assessments align with organizational and industry standards (e.g., PHIPAA). • Proactive mindset and situational awareness to anticipate and adapt to emerging threats in a dynamic risk environment.
Want to see how well you match this job?
Get AI-scored for free →