CanCareer

4,012 jobs across Canada

Coffee Bar Server -Reg. PTUSobeys · Grande Prairie, AB · Today
Part-time
Meat & Seafood Teammate-Reg. PTSobeys · Shelburne, NS · Today
Part-time$15–20/yr
Pharmacist - PTSobeys · Calgary, AB · Today
Part-time
Pharmacy Assistant II - PTSobeys · Sherwood Park, AB · Today
Part-time
Pharmacist - TermSobeys · Moncton, NB · Today
Part-time
Meat Cutter-Reg. PTSobeys · Calgary, AB · Today
Part-time
Pharmacist Regional Relief - FTSobeys · Mississauga, ON · Today
Full-time$50–53/yr
Replenishment Teammate-PTSobeys · Saint John, NB · Today
Part-time$15.30–19.85/hr
Clerk Sales/Service -Reg. PTUSobeys · Edmonton, AB · Today
Part-time
Project Manager, ITSToronto Community Housing · Toronto/Downtown · Today
$2k/yr
Security Advisor, Governance, Risk and ComplianceToronto Community Housing · Toronto/Downtown · Today
$2k/yr✓ No degree needed
IIA Senior Associate, ScotiaMcLeodScotiabank · Toronto, ON · TodayScotiaMcLeod Investment Associate - Montreal, QCScotiabank · Montreal, QC · Today
✓ Entry-level✓ No degree needed
Senior Financial Advisor - Richmond Hill Main Branch, ONScotiabank · Richmond Hill, ON · TodayFinancial Advisor, Investment & Retirement Planning - Laval and NorthScotiabank · Montreal, QC · TodayMortgage Specialist - GuelphScotiabank · Guelph, ON · TodayVirtual Mortgage Specialist - Ottawa, ON (Bilingual)Scotiabank · Ottawa, ON · TodayManager, Credit Documentation, Canadian Commercial Banking MontrealScotiabank · Montreal, QC · TodaySenior Oracle Database AdministratorScotiabank · Toronto, ON · TodayAssociate, Credit Documentation, Canadian Commercial Banking, MontrealScotiabank · Montreal, QC · Today
✓ Entry-level✓ No degree needed
← All jobs

Security Advisor, Governance, Risk and Compliance

Toronto Community Housing · Toronto/Downtown · Today

$2k/yr✓ No degree needed

See how your resume scores against this role — free, no account needed.

What we offer

In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:

  • Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
  • Minimum three (3) weeks of paid annual vacation days, increasing with years of service;
  • Four (4) paid personal days;
  • Defined benefit pension plan with OMERS, includes 100-per-cent employer matching;
  • Health and dental benefits, including a health spending account available upon your start date;
  • Employee and family assistance program;
  • Maternity and parental leave top up (93% of base salary);
  • Training and development programs including tuition reimbursement of $1500 per calendar year.
  • Fitness membership discount;​

This job offers the opportunity to work from home as part of a hybrid work arrangement. This arrangement will allow you to work some days at a TCHC work location and the rest of the time from home. The amount of time required to work at a TCHC work location is flexible, while considering operational and service delivery requirements.

Make a difference

Reporting to the Senior Manager, Governance, Risk and Compliance (GRC), the Security Advisor is responsible for establishing and governing a risk-based vulnerability management lifecycle covering identification, assessment, prioritization, remediation tracking, validation, reporting, and continuous improvement. The position translates technical vulnerabilities into business risk, ensures SLA/SLO adherence, manages exception and risk acceptance processes, and delivers executive-level reporting on cyber risk exposure.

Key areas of focus include:

  • Participate in security assessments on our in-house developed products as well as procured products.
  • Participate in the planning and design of enterprise security architecture, where appropriate.
  • Ensure vulnerability scans are scheduled and cover all in-scope assets.
  • Review vulnerability findings to confirm accuracy and remove false positives.
  • Apply risk-based prioritization to vulnerabilities using severity, exploitability, and business impact.
  • Track vulnerabilities through the full lifecycle from identification to closure and coordinate with IT, cloud, and application teams to clarify findings and confirm remediation actions.
  • Validate that vulnerabilities have been resolved by reviewing evidence and confirming re-scan results.
  • Identify recurring vulnerabilities or systemic issues such as patching gaps or misconfigurations.
  • Participate in the information security incident response process and support communication of TCHC’s cybersecurity program.
  • Knowledge of legislation (MFIPPA), regulations, policies, procedures, interpretations and apply applicable orders of the Information and Privacy Commissioner of Ontario.

The incumbent will work with a high degree of autonomy, engaging with stakeholders at all levels within TCHC and contributing to the continuous improvement of TCHC’s cyber security posture.

What you’ll do

  • Enterprise VM Governance & Leadership
  • Establish and govern VM framework, standards, procedures and lifecycle
  • Align VM program to IT and Cyber strategy
  • Monitor SLA, escalation and risk acceptance governance
  • Provide advisory to IT and business teams
  • Vulnerability Identification & Assessment
  • Oversee scanning across IT, OT, cloud and applications
  • Ensure asset coverage and scan completeness
  • Analyze vulnerabilities and assess business impact
  • Support Pen testing exercises
  • Risk Prioritization & Remediation Oversight
  • Develop prioritization models (CVSS + business context)
  • Coordinate with remediation teams
  • Track SLA adherence and escalate issues
  • Validate remediation through rescans
  • Improve scanning quality and reduce false positives
  • Conduct root cause analysis
  • Maintain vulnerability register and exceptions
  • Report KPIs (MTTR, SLA, backlog)
  • Produce executive dashboards including reporting, Metrics & KPIs
  • Ensure alignment to NIST, ISO and policies
  • Maintain procedures and documentation
  • Participates in after-hours and on-call schedule

What you’ll need

  • Undergraduate degree (or equivalent experience) in Information Technology, Computer Science, Engineering, Business, or a related field. Information security-specific coursework is an asset.
  • One or more security certifications in good standing, including but not limited to: CEH (Certified Ethical Hacker), EC-Council ECSA, GIAC/SANS certifications, CompTIA CySA+, CISSP, CCSK, or industry equivalents.
  • 5+ years of progressive information security experience in an enterprise environment including security program development, risk and vulnerability analyses, system design, and security architecture.
  • Minimum 2 years in an information security position within a medium to large organization.
  • Demonstrated experience conducting cyber risk assessments, maintaining risk registers, and producing risk reports for management audiences.
  • Exposure to security operations activities including SIEM, EDR, vulnerability management, or incident response support.
  • Demonstrable experience conducting security reviews, implementing information security recommendations, analyzing technical controls, and applying security control standards.
  • Experience working within regulatory or legislative compliance environments (MFIPPA, PIPEDA, or equivalent privacy legislation is an asset).
  • Experience working on solutions that support verticals such as government, finance, human resources, and information management is preferred.
  • Excellent written and verbal communication skills; ability to produce high-quality policies, reports, and proposals for both technical and non-technical audiences.
  • Ability to build effective working relationships with internal and external stakeholders and to affect change in a positive and constructive manner.

Nice to have:

  • Experience with vulnerability management platforms (e.g., Tenable, CrowdStrike, Zscaler, or similar).
  • Familiarity with cloud security principles and hybrid infrastructure risk considerations.
  • Experience with threat intelligence platforms and threat hunting methodologies.
  • Experience with threat intelligence platforms and contextualized risk prioritization methodologies.
  • Exposure to security investigation or digital forensics activities in an enterprise environment.
  • Additional security industry certifications or vendor-specific security product certifications would be considered an asset

What’s next

Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.

INDS