Information Security Risk Specialist
Beanfield.com
Office
Toronto, Ontario, Canada
Full Time
About Us:
At Beanfield, we’re not just building networks, we’re building communities. We’re dedicated to investing in our 100% Canadian-based employees, 100% Canadian-driven investments, and our 100% Canadian operations. We’ve spent over 35 years growing a fibre-optic network that connects people and businesses across Toronto, Montreal, and Vancouver. Beanfield has always challenged the status quo, believing that everyone deserves fast and reliable fibre internet.
We are Challengers, leading the way, disrupting the industry with a startup mentality and a focus on building our own infrastructure.
We are United, operating as one team, where everyone's ideas are valued.
We Care, prioritizing the well-being of our employees, partners, customers, and communities. We foster trust, communicate openly, and focus on our brand and customers.
Come join our team as we continue to connect communities and foster choice, by providing fast and reliable fibre Internet to Canadians.
Position Summary:
The Information Security Risk Specialist plays a critical role in safeguarding Beanfield’s information assets by identifying, analyzing, and mitigating potential cyber threats. Reporting to the Director of Information Security, this role is responsible for overseeing governance, risk, and compliance (GRC) initiatives, managing vulnerabilities, monitoring for threats, and responding to security incidents. The Information Security Risk Specialist works closely with IT, network, and security teams to maintain a secure environment, ensuring the confidentiality, integrity, and availability of Beanfield’s critical information systems.
Key Responsibilities:
Governance, Risk & Compliance
- Align cybersecurity practices with compliance frameworks (SOC 2, NIST, CIS-CSC, ISO 27001).
- Map security controls to relevant processes and assets using ServiceNow IRM.
- Assess control effectiveness, identify gaps, and recommend corrective actions.
- Manage and maintain the organizational risk register.
- Provide expertise on risk acceptance, mitigation, and residual risk.
- Support internal and external security audits.
- Develop and deliver a security awareness program.
Vulnerability Management
- Conduct vulnerability assessments across infrastructure, applications, and systems.
- Partner with IT, Network, and Software teams to prioritize and remediate vulnerabilities.
- Maintain the organization’s vulnerability management program.
- Track KPIs such as MTTR, vulnerability aging, and scan coverage.
- Analyze vulnerability trends to recommend long-term security improvements.
Threat Monitoring & Incident Response
- Investigate and respond to cybersecurity incidents in line with the incident management framework.
- Collaborate with teams to lead incident response activities and manage escalations.
- Perform root cause analysis and contribute to problem management.
Security Operations & Continuous Improvement
- Support development and implementation of security policies, procedures, and controls.
- Monitor emerging threats and recommend security enhancements.
- Contribute to ITIL-based continual improvement initiatives.
Security Reporting & Documentation
- Maintain detailed security reports, assessments, and risk analyses.
- Document SOPs, incident response plans, and security policies.
- Provide regular security performance updates to leadership.
Skills & Qualifications:
Required:
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
- Experience in GRC or Information Security with a focus on compliance and risk management.
- Knowledge of compliance standards (NIST-CSF, CIS Controls, SOC 2) and regulatory frameworks.
- Hands-on experience with GRC/IRM tools (e.g., ServiceNow, Archer, LogicManager).
- Proficiency in vulnerability assessment tools (e.g., Nessus, Qualys, Rapid7, OpenVAS).
- Strong communication skills to convey complex security concepts to technical and non-technical audiences.
- Ability to perform under pressure and adapt to change.
Preferred:
- 5+ years in IT/security roles (Information Security, Network Operations, Systems Operations, Engineering).
- Familiarity with SIEM platforms, firewalls, IDS/IPS, and other cybersecurity tools.
- Experience with ITIL Incident and Problem Management processes.
- Scripting skills (Python, PowerShell, Bash) for automation.
- Experience managing a Security Awareness Training program.
- Certifications such as ServiceNow CIS – Risk and Compliance, CISA, CISSP, CISM, ITIL v4 Foundations, or CompTIA Security+.
Additional Skills
- Required: Availability for on-call rotation and after-hours response when necessary.
- Preferred: Project/program management experience.
What's in it for you?
- Competitive base salary plus annual bonus based on company and individual performance.
- Permanent, full-time position.
- A comprehensive group insurance plan - medical, dental, vision care with health and lifestyle spending accounts.
- A fantastic parental leave top-up program.
At Beanfield, we are proud to be an equal-opportunity employer.
We are committed to fostering a diverse and inclusive workplace where all qualified applicants are considered for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or any other protected status.
Beanfield is dedicated to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in all aspects of employment, as well as in our services, programs, and activities. If you require accommodation during the application or interview process, please contact us at recruitment@beanfield.com.
Please note that candidates must be legally eligible to work in Canada at this time. We regret that Beanfield is unable to sponsor employment visas.
Please note that all communication regarding recruitment and hiring at Beanfield will come exclusively from email addresses ending in @beanfield.com. We urge candidates to be cautious of any unsolicited messages or offers and to remain vigilant against phishing attempts.
October 3, 2025