We are looking for an experienced IT security consultant to perform technical security risk assessment on various systems, applications and IT projects, following the organization's standard security Threat and Risk Assessment (TRA) methodology. This is a contract position for a period of six months, reporting to the Director Information Security Governance, Risk management and Compliance.

Essential Functions:

  • Perform TRA for a list of IT systems—Analyze new systems, application and software in scope and identify security risks related to these systems
  • Perform manual, semi-automated or fully automated testing, including manually testing systems’ default settings and configurations, as well as using scanning tools
  • Determine technical and non-technical recommendations to address any identified risks with these systems
  • Document the results of the systems’ analysis, risks identified and recommendations in a TRA report
  • Communicate with internal and external stakeholders as necessary when conducting security TRAs, to gather information and clarify specific recommendations
  • Other duties as assigned


Required Experience, Skills and Abilities

  • Minimum three years of experience conducting security TRAs
  • Minimum five years of IT and security experience with exposure to a broad range of technologies, including networking, enterprise applications (either cloud-based, web-based, client-based or multi-tier), network domain, operating system, servers and databases.
  • Minimum two years of experience with the security of Microsoft Azure and Office365
  • Strong analytical and technical abilities to analyze system documentation, to directly test systems, including by using manual, semi-automated and fully automated testing procedures, and to identify security risks.
  • Up to date knowledge of existing and emerging threats, with a deep understanding of various attack vectors and commonly used tools and techniques to exploit vulnerabilities, default settings and unsecure systems configurations.
  • Experience in providing balanced and risk-based security recommendations
  • Ability to clearly articulate risks and recommendations in a formally documented report.
  • High-level of attention to detail and accuracy
  • Outstanding oral and written communication skills
  • Excellent interpersonal relationship skills
  • High degree of personal initiative and maturity with an ability to work with minimal supervision
  • Ability to prioritize tasks effectively, respect deadlines, and report any issues or conflict in the performance of operational activities, and the planning and scheduling of tasks and projects

Professional Security Certifications as follows are an asset:

  • CompTIA Security+
  • CEH

All offers of employment are conditional upon the satisfactory verification of a Canadian criminal record check. Determination of the factors that constitute satisfactory verification is within the sole discretion of Bennett Jones.

This position will remain open until a suitable candidate is found.

Bennett Jones is committed to the health, safety, and well-being of our Firm members. Effective October 1, 2021, Bennett Jones will require all Firm members to be fully vaccinated against COVID-19, in accordance with public health guidance, prior to entering the workplace, attending a firm sponsored event, attending at a client's workplace or travelling on Firm business. Bennett Jones welcomes applications from all applicants, including applicants who may requires a specific accommodation because of a disability or another protected ground. Any applicant requiring accommodation during the application process should contact email noted above.

Apply Here


Calgary, AB

Employment Type
Full Time

Posted on October 07, 2022