TPRM Security Consultant

Post Date

Apr 06, 2026

Location

Toronto, Ontario

ZIP/Postal Code

M5E 1
Canada
Jun 25, 2026 Insight Global

Job Type

Contract

Category

Security Engineering

Req #

TOR-bdfe9c21-21d6-48bb-a64f-71d423f8d81c

Pay Rate

$54 - $68 (hourly estimate)

Who Can Apply

  • Candidates must be legally authorized to work in Canada

Job Description

Insight Global is looking for an Information Security Consultant to help remediate OSFI regulatory findings for a large financial services company.

The primary finding was that third-party suppliers should not have a document stating the company's statements/answers that is too outdated, due to the high likelihood that this information has changed over time.

You will define and maintain risk acceptance and evidence currency criteria, including formal acceptance standards for SOC 1, SOC 2, business continuity, disaster recovery, and ISO reports. Establish and document clear thresholds (e.g., SOC 2 reports must be issued within an acceptable timeframe such as within 12 months of the assessment period end or aligned to the start of the risk assessment) and escalate exceptions where criteria are not met.
Interpret and operationalize OSFI regulatory expectations, translating supervisory guidance into actionable program requirements, procedures, and control documentation. Ensure regulatory intent is clearly reflected in TPRM workflows, governance artifacts, and evidence retention practices.
Build and continuously improve risk rating criteria across inherent risk, residual risk, and criticality tiers, ensuring consistency across vendor domains, control areas, and lines of business.
Design, implement, and execute a formal quality assurance (QA) review process across third‑party risk assessments, control evaluations, and supporting documentation. Validate completeness, accuracy, timeliness, and alignment to regulatory and internal policy standards.


Establish and document evidence lifecycle management procedures, including how long SOC reports, business continuity plans, third‑party contingency plans, and related artifacts remain valid in the system before renewal or re‑assessment is required, in line with OSFI expectations.


Provide expert guidance on control procedures related to third‑party risk, including information security, business continuity, disaster recovery, operational resilience, and compliance controls. Partner with internal stakeholders and suppliers to remediate gaps and clarify expectations.


Lead program enhancements and modifications, identifying opportunities to strengthen the TPRM framework based on regulatory feedback, audit findings, emerging risks, and industry best practices.

Modify and optimize TPRM workflows, tooling, and approval processes to improve efficiency, consistency, and auditability while maintaining strong governance and risk oversight.

Develop, maintain, and update TPRM documentation, including frameworks, standards, procedures, operating guides, and governance materials. Ensure documentation clearly supports regulatory reviews, audits, and senior management reporting.

Prepare and deliver clear, concise updates to senior leadership and executives, including risk posture summaries, acceptance decisions, material issues, and program maturity insights.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

- 7-15 years of experience within risk or cybersecurity with a recent focus (last 4-5 years+ within TPRM)
- Experience working with major North American banks
- Understanding end to end TPRM
- Experience with regulation projects (OSFI, CDIC, FRB)
- Create risk rating criteria
- Building out a QA process for control and risk domains when working with third-party suppliers
- Guidance on control procedures
- Experience with SOC 1, SOC 2, business continuity, disaster recovery, ISO certifications
- Documentation of frameworks, modifying workflows, and updating executives
- Excellent communication with the ability to retrieve information from various stakeholders, as well as to present to various stakeholders and executives
- Ability to go on-site downtown Toronto up to 2 days per week

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.