Cyber Security Supply‑Chain Risk Specialist

Job Description

Company: Bevertec

Location: Montreal, CA

Job Title: Cyber Security Supply‑Chain Risk Specialist

Location: Greater Montreal Area (On‑site)

Contract: 12 months.

Fluent written and spoken English and Spanish (required)

The Cyber Security Supply‑Chain Risk Specialist ensures that third‑party services across North, Central, and South America meet business, regulatory, and cybersecurity standards. This role partners closely with Relationship Managers, Vendor Management, and global security teams to translate vendor due‑diligence findings into effective local mitigation plans, operate continuous‑monitoring programs, and lead third‑party security transformation initiatives.

Key Responsibilities:

Supply‑Chain Risk Management
• Review and understand third‑party services to define appropriate assessment scope using the internal vendor risk questionnaire.
• Conduct third‑party security assessments or collaborate with global teams to ensure assessments are properly scoped and executed.
• Deliver assessment results and documentation in both English and Spanish.
• Evaluate final assessment reports, determine risk ratings (Low/Moderate, Notable, High), and develop practical, locally applicable remediation actions based on the control environment.
• Present findings to business stakeholders, reach agreement on remediation approach, and document action plans in the system of record.
• Perform periodic follow‑ups with service providers to validate remediation progress, address emerging threats, and track open action items.

Transformation & Projects
• Develop a strong understanding of business priorities, key initiatives, and future programs, ensuring alignment with cybersecurity leadership and enterprise strategy.
• Lead initiatives and deliverables within the information security and third‑party risk domains.
• Manage end‑to‑end delivery of third‑party and information security projects, including design, development, testing, implementation, and ongoing operations.
• Identify opportunities for automation and process optimization through data analysis.

Operational Efficiency & Reporting
• Promote and support automation of repetitive and complex data‑management tasks across information security functions.
• Perform Extract, Transform, and Load (ETL) activities across mixed technical environments to support risk and performance analytics.
• Design, maintain, and enhance KPI dashboards to monitor third‑party risk posture and drive continuous improvement.

Required Qualifications

Experience
• Minimum 6 years of experience in information security, cyber risk, or risk management
• At least 2 years delivering security or technology‑risk projects

Education
• Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent professional experience

Technical Skills
• Experience with third‑party risk and security frameworks (e.g., NIST CSF, ISO 27001, SIG)
• Strong familiarity with security questionnaires (SIG, CAIQ)
• Basic scripting skills (PowerShell, Python, or equivalent)
• Experience with ETL and data‑analysis tools (SQL, Alteryx, Python/pandas)

Languages
• Fluent written and spoken English and Spanish (required)

Certifications (Preferred)
• CISSP, CISA, CRISC, or Certified Third‑Party Risk Professional (CTPRP)

Soft Skills
• Strong written and verbal communication skills
• Ability to clearly convey complex security concepts to diverse stakeholders
• Excellent stakeholder‑management and collaboration skills
• High attention to detail, adaptability, and strong documentation practices

Other Requirements
• Legal authorization to work in the Greater Montreal area (no sponsorship available)
• Ability to work on‑site as an essential function of the role

Preferred Qualifications
• Project‑management experience delivering IT or cybersecurity initiatives in a regulated or banking environment
• Prior internal or external audit experience
• Experience assessing cloud services (IaaS, PaaS, SaaS)

Note: AI-enabled tools may be used to sort applications based on job-related criteria. All AI-generated results are vetted by our team, and the decision of which candidates move forward is always made by a human.

Source: LinkedIn