Job Specifications
Information Security Risk and Privacy Consultant (Contract, 4-6 Months)
Position Title: Information Security Risk and Privacy Consultant
Contract Duration: 4-6 months (with potential for extension) - downtown Toronto
Reports To: Information Security Risk Manager
Role Overview
We are seeking an experienced Information Security professional to join our team on a short-term contract. The successful candidate will be responsible for conducting vendor risk assessments and privacy impact assessments (PIAs) to ensure compliance with security, privacy, and regulatory standards. This role requires strong analytical skills, attention to detail, and a solid understanding of information security frameworks, data privacy laws, and vendor management practices.
Key Responsibilities
Perform vendor risk assessments to evaluate third-party security controls, policies, and procedures.
Conduct and document Privacy Impact Assessments (PIAs) for new and existing projects, products, and services.
Collaborate with internal stakeholders (procurement, legal, compliance, and IT teams) to assess risks and recommend mitigation strategies.
Review vendor contracts and agreements to identify potential security and privacy gaps.
Develop and present assessment reports with clear findings and actionable recommendations.
Ensure compliance with relevant regulations and standards (e.g., FIPPA, PHIPA, NIST, etc).
Provide guidance on privacy, cybersecurity controls, and risk management.
Qualifications & Skills
Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent work experience).
Professional experience in information security, risk management, or privacy compliance.
Strong knowledge of information security frameworks and standards (ISO 27001, NIST, SOC 2, CIS Controls).
Hands-on experience conducting vendor risk assessments and privacy impact assessments.
Familiarity with global privacy regulations (GDPR, FIPPA, PIPEDA, PHIPA etc.).
Excellent written and verbal communication skills with the ability to present findings to both technical and non-technical stakeholders.
Strong organizational skills with the ability to manage multiple assessments simultaneously.
Experience in privacy impact assessments
Experience with conducting vendor risk assessments
Strong understanding of and experience in information security risk management processes
Excellent communication skills, strong attention to detail, and go getter mentality.
Contract Details
Duration: 4-6 months (potential extension based on business needs).
Hours: Full-time, 37.5 hours per week.
Location: Hybrid
About the Company
Alquemy challenges traditional thinking and drives innovation through expert delivery of IT consultants, contractors and permanent staff in the areas of IT operations, software development, security, infrastructure, cloud technologies, and IT transformation. Our team creates measurable business value to help your organization gain a competitive edge.
Alquemy has grown quickly since opening our doors; today Alquemy operates across Canada and is actively working with the top contract and full-time talent across North America....
Know more