Job Description

Job Category: Compliance
:
Position Summary:
The Senior Risk Specialist, Cybersecurity plays a key role in identifying, assessing, and managing cybersecurity risks across the organization. This individual will support the ongoing maturity of the cybersecurity risk management program, ensuring alignment with business objectives, regulatory obligations, and industry best practices.
Requiring deep expertise in cybersecurity frameworks and risk management principles, this role provides actionable insights to guide risk-informed decision-making and strengthen the organization's overall security posture. The ideal candidate is analytical, collaborative, and capable of driving continuous improvement within a dynamic enterprise environment.
Key Accountabilities:
Risk Assessment & Analysis

• Lead comprehensive cybersecurity risk assessments across business units, applications, and infrastructure environments.
• Develop risk treatment plans in collaboration with control owners and track remediation progress.

Risk Management Framework

• Participate in the identification, documentation, and implementation of cybersecurity controls aligned with risk assessments and industry frameworks (NIST CSF, ISO 27001, SOC 2, CIS Controls, etc.).
• Support the implementation and maintenance of the organization's cybersecurity risk management framework.
• Contribute to the ongoing evolution and refinement of the Cybersecurity Risk Management function, identifying opportunities for improvement and automation.
• Maintain the enterprise risk register, ensuring risks are accurately rated, tracked, and reported.

SOC 2 & Compliance

• Support annual SOC 2 Type 2 audits and compliance activities by collecting evidence, monitoring controls, coordinating with auditors, and ensuring adherence to applicable regulations.

Third-Party Risk Management (TPRM)

• Manage vendor risk by conducting due diligence (new and existing vendors/sub-processors), assessing risk levels, documenting findings, tracking remediation efforts, and maintaining the Cybersecurity risk register. Conduct vendor due diligence and ongoing assessments for new and existing third parties and sub-processors.
• Evaluate vendor security posture, identify risks, and document findings.

Collaboration & Communication

• Work collaboratively with internal teams (e.g., business, IT, Legal, Compliance) and external partners to identify and assess cybersecurity risks, and to manage the organization's overall risk posture.

Audit Support

• Participate in the testing of design and operating effectiveness of controls, documenting results and recommending corrective actions.

Reporting & Documentation

• Prepare clear and concise reports for leadership, summarizing risk assessments, mitigation plans, and control effectiveness.

Qualifications & Experience:

• Ability to obtain registration as a Category 1 Gaming Assistant with the Alcohol and Gaming Commission of Ontario is a condition of employment for a successful applicant.

Education

• A post-secondary education in Cybersecurity, Information Technology, Computer Science, Business, or a related discipline, or an equivalent combination of education, training, and practical experience.

Technical Skills

• Strong understanding of cybersecurity principles, including identity and access management (IAM), network and endpoint security, vulnerability management, and cloud security fundamentals.
• Practical experience assessing and interpreting technical controls across IT infrastructure, applications, and cloud environments (e.g., Microsoft 365, Azure, AWS, or equivalent).
• Working knowledge of security architectures and configurations, including firewalls, encryption, authentication, and logging mechanisms.
• Experience conducting or supporting technical risk assessments, translating technical vulnerabilities into business impact.
• Familiarity with cybersecurity frameworks (NIST CSF, ISO 27001, CIS Controls, SOC 2, etc.) and applying them to real-world environments.
• Ability to review and interpret vulnerability scan results, configuration baselines, or audit evidence with a risk-based mindset.
• Experience with risk assessment and reporting tools, dashboards, and GRC platforms (e.g., Archer, ServiceNow GRC, OneTrust, Power BI, Tableau, Excel).
• Understanding of data protection and privacy obligations (e.g. PIPEDA) and their intersection with cybersecurity controls.
• Strong analytical and problem-solving skills with the ability to balance technical and business considerations.
• Excellent communication and presentation abilities - able to explain complex technical risks in clear business terms.
• Familiarity with development and design of APIs is a plus.

Communication & Leadership

• Ability to translate complex technical risks into clear, concise business insights and influence decision-making at various levels.
• Strong communication, interpersonal, and presentation skills.

Certifications (Preferred)

• Professional certifications such as CISA, CRISC, or CISSP are highly desirable.

About Us:
GREAT ENTERTAINMENT. GREAT PEOPLE. GREAT INVESTMENT. GREAT CANADIAN.
Since our inception in 1982, Great Canadian has grown to be one of the largest and most dynamic gaming and entertainment companies in Canada. With 25 properties across Ontario, British Columbia, Nova Scotia, and New Brunswick, our facilities include over 16,000 slot machines, 575 table games, 71 dining amenities and over 500 hotel rooms. Working closely alongside our crown agency partners, our team of ~8,000 strive to offer the very best gaming, entertainment, dining, and hospitality experiences.
Our Vision is to be the leading gaming, entertainment, and hospitality company in our chosen markets by providing superior entertainment value and exceptional experiences.
Our Mission is to provide outstanding experiences to our guests, rewarding opportunities for our team, and superior value to our shareholders.
What's in it for you?

• We have an inclusive and collaborative working environment that encourages creativity, curiosity, and celebrates success!
• We provide you with the tools and technology needed to delight your clients!
• You'll get to work with and learn from diverse industry leaders, who have hailed from top organizations around the world.
• Freedom to Innovate: supports new and better ways to be successful.
• Be your Authentic Self: environment that values diversity as a source of strength.
• This isn't your typical "corporate" job. We work hard and we have fun!

The only thing we don't play games with.....is your career!
Great Canadian Entertainment is committed to promoting an inclusive, accessible environment, where all employees and customers feel valued, respected, and supported. We are dedicated to employing a workforce that reflects the diversity of our communities in which we live and serve.
Qualified applicants will receive consideration without regard to race, color, religion, sex, national origin, age, sexual orientation, gender identity, gender expression, or disability.
Please note that due to the volume of applications, only those under consideration will be contacted for an interview.
Thank you for your interest in Great Canadian Entertainment!

Skills Required