Job Information
Sobeys Senior Cyber Security Specialist in Mississauga, Ontario
Requisition ID: 189040
Career Group: Corporate Office Careers
Job Category: Cyber Security GRC
Travel Requirements: 0 - 10%
Job Type: Full-Time
Country: Canada (CA)
Province: Nova Scotia; Alberta; Ontario
City: Dartmouth / Stellarton / Calgary / Mississauga
Location: Tahoe Office, Calgary Office, Dartmouth Office, Foord St. Office
Embark on a rewarding career with Sobeys Inc., celebrated among Canada’s Top 100 employers, where your talents contribute to our commitment to excellence and community impact.
Our family of 128,000 employees and franchise affiliates share a collective passion for delivering exceptional shopping experiences and amazing food to all our customers. Our mission is to nurture the things that make life better – great experiences, families, communities, and our employees. We are a family nurturing families.
A proudly Canadian company, we started in a small town in Nova Scotia but we are now in communities of all sizes across this great country. With over 1,600 stores in all 10 provinces, you may know us as Sobeys, Safeway, IGA, Foodland, FreshCo, Thrifty Foods, Lawtons Drug Stores or another of our great banners but we are all one extended family.
Ready to Make an impact?
Sobeys is full of exciting opportunities, and we are always looking for bright new talent to join our team! We currently have a full-time opportunity for a Senior Cyber Security Specialist. This role can be based out of one our main offices including: Stellarton, NS; Mississauga, ON.
Here’s where you’ll be focusing:
Senior Cyber Security Specialist – GRC | TPRM
Responsibilities:
Lead the execution and continuous improvement of the Third-Party Risk Management (TPRM) program.
Manage and triage the intake process for third-party cybersecurity assessments, ensuring timely and efficient handling of requests from business units.
Collaborate closely with procurement, legal, privacy, enterprise risk, and business stakeholders to evaluate and onboard vendors in alignment with cybersecurity and risk requirements.
Conduct thorough cybersecurity risk assessments of third-party vendors and service providers, including cloud and SaaS providers.
Review and assess third-party control documentation (e.g., SOC 2, ISO 27001, SIG, CAIQ) to determine adequacy and alignment with organizational risk tolerance.
Drive risk remediation activities by working with third parties and internal stakeholders to address identified gaps or weaknesses.
Maintain a centralized inventory of critical third-party relationships, including risk ratings and assessment statuses.
Monitor the threat landscape for third-party-related risks, emerging vulnerabilities, or data breaches.
Contribute to the development and refinement of TPRM policies, standards, procedures, and assessment tools.
Develop, monitor, and report on KPIs and KRIs related to third-party risk management to ensure program effectiveness and alignment with enterprise risk objectives.
Create dashboards and regular reports for leadership and governance committees, tracking assessment completion rates, remediation timelines, vendor risk tiering, and emerging threats.
Analyze KPI trends to identify areas for program improvement and provide recommendations for process optimization.
Act as a key liaison between cybersecurity and other departments to ensure third-party risk considerations are embedded into procurement, contracting, and business planning processes.
Support internal and external audit activities related to third-party cybersecurity risks.
Demonstrate strong attention to detail when reviewing assessment documentation, tracking vendor statuses, and recording risk decisions.
Ensure the accuracy, completeness, and consistency of risk assessments and related documentation, maintaining high-quality standards across all deliverables.
Support the Manager, Cybersecurity GRC, with tasks related to Enterprise and IT Risk Management and broader GRC initiatives.
What you have to offer:
Requirements:
5+ years of experience in cybersecurity, risk management, or IT audit, with at least 3 years focused on third-party/vendor risk.
A professional designation in information security, control, or governance (e.g., CISA, CISSP, CRISC, CTPRP) is desirable.
University degree in Computer Science, Information Security, Risk Management, or a related field.
Strong working knowledge and experience with IT risk frameworks and standards such as NIST, ISO 27001, SIG, and CSA CCM.
Proficient in assessing cybersecurity controls and identifying gaps in third-party environments.
Proven experience in writing cybersecurity and risk policies, procedures, and assessment reports.
Experience using third-party risk management platforms (e.g., ServiceNow, Archer, OneTrust, ProcessUnity, BitSight, or similar).
Excellent analytical, communication, and interpersonal skills, with the ability to influence and collaborate across cross-functional teams.
At Sobeys we require our teammates to have the ability to adhere to a hybrid work model that requires your presence at one of our office locations at least three days per week. This requirement is integral to our commitment to team collaboration and the overall success of our office culture.
We offer a comprehensive Total Rewards package, which varies by role and designed to help our teammates to live better – physically, financially and emotionally.
Some websites share our job opportunities and may provide salary estimates without our knowledge. These estimates are based on similar jobs and postings for general comparison, but these numbers are not provided by our organization nor monitored for accuracy.
We will consider factors such as your working location, work experience and skills as well as internal equity, and market conditions to ensure the selected candidate is paid fairly and competitively. We look forward to discussing the specific compensation details relevant to this role with candidates who are selected to move forward in the recruitment process.
Our Total Rewards programs, for full-time teammates, goes well beyond your paycheque:
Competitive Benefits Package, tailored to meet your needs, including health and dental coverage, life, short- and long-term disability insurance.
Access to Virtual Health Care Platform and Employee and Family Assistance Program.
A Retirement and Savings Plan that provides you with the opportunity to build and add value to your savings.
A 10% in-store discount at our participating banners and access to a wide range of other discount programs, making your purchases more affordable.
Learning and Development Resources to fuel your professional growth.
Parental leave top-up
Paid Vacation and Days-off
We are committed to accommodating applicants with disabilities throughout the hiring process and will work with applicants requesting accommodation at any stage of this process.