1

Cyber Security Risk Management Jobs in Toronto, ON

We navigate the dynamic risk landscape across the areas of risk management, confidentiality & privacy, cyber security oversight, regulatory, independence & conflicts, and Anti-Corruption/financial ...

This is an exciting opportunity for an experienced information security professional who thrives at the intersection of cybersecurity, cloud technologies, risk management, and business enablement

Lead internal and external technology risk, cybersecurity, and ITGC audits, including stakeholder coordination, assurance requests, response management, and deliverable quality review. * Drive ...

... Risk Management (IRM). This role will provide technical and functional leadership to ensure scalable, secure, and sustainable solutions that align with enterprise governance, cybersecurity, risk, and ...

Risk Management * Conduct risk assessments of IT infrastructure, applications, third parties, and critical processes to identify, assess and report on technology and cybersecurity risks * Track and ...

Risk Management * Conduct risk assessments of IT infrastructure, applications, third parties, and critical processes to identify, assess and report on technology and cybersecurity risks * Track and ...

next page

Showing results 1-20

Cyber Security Risk Management information

See Toronto, ON salary details

$26.7K

$112.6K

$163.2K

How much do cyber security risk management jobs pay per year?

As of Jul 15, 2026, the average yearly pay for cyber security risk management in Toronto, ON is $112,640.00, according to ZipRecruiter salary data. Most workers in this role earn between $93,048.00 and $134,084.00 per year, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Cyber Security Risk Management professional, and why are they important?

To thrive in Cyber Security Risk Management, you need a solid understanding of risk assessment methodologies, information security frameworks (such as ISO 27001 or NIST), and often a relevant degree or certification like CISSP or CISM. Familiarity with security tools, vulnerability assessment platforms, and risk management software is typically required. Strong analytical thinking, attention to detail, and effective communication are crucial soft skills for identifying threats and conveying risk to stakeholders. These skills ensure that organizations can proactively manage and mitigate cyber threats, safeguarding critical assets and maintaining compliance.

What is cyber security risk management?

Cyber security risk management is the process of identifying, assessing, and prioritizing risks to an organization's information systems and data. It involves evaluating potential threats and vulnerabilities, determining the likelihood and impact of these risks, and implementing measures to mitigate or manage them. Effective risk management helps organizations protect sensitive data, ensure regulatory compliance, and minimize the impact of cyber attacks. This process is ongoing and adapts to new threats and changes in technology.

What is the difference between Cyber Security Risk Management vs Cyber Security Analyst?

AspectCyber Security Risk ManagementCyber Security Analyst
CertificationsCompTIA Security+, CISSP, CISMCompTIA Security+, CEH, CISSP (preferred)
Work EnvironmentPolicy development, risk assessment, strategic planningMonitoring security systems, incident response, vulnerability analysis
Employer & Industry UsageOrganizations focusing on risk mitigation and complianceOrganizations implementing and maintaining security measures

Cyber Security Risk Management professionals focus on identifying, assessing, and mitigating security risks at an organizational level, often involved in policy and strategy. Cyber Security Analysts primarily monitor security systems, analyze threats, and respond to incidents. While both roles require similar certifications and work within the same industry, their core responsibilities differ: risk managers develop strategies, whereas analysts execute security measures and respond to threats.

What does a cyber risk manager do?

A cyber risk manager assesses and prioritizes cybersecurity threats to an organization, develops strategies to mitigate risks, and implements security policies. They often use tools like risk assessment frameworks and require certifications such as CISSP or CISM to effectively manage security risks in a dynamic environment.

What are some typical challenges faced by professionals in Cyber Security Risk Management, and how can they be addressed?

Professionals in Cyber Security Risk Management often encounter challenges such as staying updated with rapidly evolving threats, balancing security needs with business objectives, and ensuring compliance with various regulations. Addressing these challenges requires continuous learning, effective communication with stakeholders, and the implementation of robust risk assessment frameworks. Collaboration with IT, legal, and business teams is essential to develop practical security policies that protect assets without hindering operations.

Can you make $500,000 a year in cyber security?

Cyber security risk management professionals can potentially earn $500,000 or more annually, especially at senior levels, in leadership roles, or with extensive experience and specialized certifications like CISSP or CISM. High salaries are often associated with executive positions, consulting, or working for large organizations with complex security needs.

Can I make $200,000 a year in cyber security?

Cyber Security Risk Management professionals can potentially earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP or CISM, and roles in high-demand sectors or leadership positions. Salaries vary based on location, company size, and individual expertise, but high-level cybersecurity roles often reach or exceed this income level.

Is security risk management a good career?

Security risk management is a valuable career in cybersecurity, focusing on identifying and mitigating potential threats to an organization’s information systems. It often requires knowledge of security frameworks, risk assessment tools, and certifications like CISSP or CISM, and offers strong job growth and demand across various industries.
What are popular job titles related to Cyber Security Risk Management jobs in Toronto, ON? For Cyber Security Risk Management jobs in Toronto, ON, the most frequently searched job titles are:
What job categories do people searching Cyber Security Risk Management jobs in Toronto, ON look for? The top searched job categories for Cyber Security Risk Management jobs in Toronto, ON are:
What cities near Toronto, ON are hiring for Cyber Security Risk Management jobs? Cities near Toronto, ON with the most Cyber Security Risk Management job openings:
Project Program Cybersecurity Manager

Project Program Cybersecurity Manager

Alstom

Toronto, ON • Hybrid

Other

Medical, Life, Retirement

Re-posted 15 days ago


Alstom rating

7.5

Company rating: 7.5 out of 10

Based on 49 frontline employees who took The Breakroom Quiz

225th of 430 rated machine equipment manufacturers


Job description

Req ID:479868 

At Alstom, we understand transport networks and what moves people. From high-speed trains, metros, monorails, and trams, to turnkey systems, services, infrastructure, signalling and digital mobility, we offer our diverse customers the broadest portfolio in the industry. Every day, more than 80 000 colleagues lead the way to greener and smarter mobility worldwide, connecting cities as we reduce carbon and replace cars.
Could you be the full-time hybrid Project Program Cybersecurity Manager in Toronto, ON, CA we're looking for? 

Your future role 
Take on a new challenge and apply your cybersecurity and engineering expertise in a new cutting-edge field. You'll work alongside innovative and collaborative teammates. You'll play a key role in shaping the cybersecurity framework of critical transportation systems, ensuring safety and resilience in a rapidly evolving industry. Day-to-day, you'll work closely with teams across the business (engineering, project management, and external auditors), manage cybersecurity risks and vulnerabilities, and much more. 
We'll look to you for:

  •  Analyzing Program security needs (including laws and regulations), determining security objectives and main security risks strategy
  • Planning security activities within development life cycle, estimating costs and duration, their impacts related to program execution, Identifying training needs
  • Responsible for Cost / Quality / Delay of Program Cybersecurity deliverables, as needed per Project / program context :  
  • Cybersecurity context, and Cybersecurity Risk Analysis
  • Cybersecurity Architecture definition and requirement allocation
  • Cascading of requirement to suppliers, Manage Third Parties Risks,
  • Application of Cybersecurity Assurance Level
  • Definition of Cybersecurity Operating Procedures
  • Evaluation of the Project/Program achieved Cybersecurity level
  • Providing support during technical design meetings for cybersecurity activities
  • Obtaining agreement from Program/Customer about on the set of security measures to be implemented
  • Managing vulnerabilities and Cybersecurity issues and actions plan,
  • Managing Program Cybersecurity related communication,
  • Reporting on Program Cybersecurity status
  • In case of external Cybersecurity audit, managing the relationship with auditors Establish lessons learned
  • Promoting the Alstom Code of Ethics and adhering to the highest standards of ethical conduct 
     

Performance measurements 

  • No "NO GO" for Cybersecurity reasons in Gate Reviews
  • Quality of Cybersecurity deliverables, in time
  • Achievement of Program targeted level of Cybersecurity
  • Assessment findings: Low rework due to external or internal assessments
  • Vulnerability management is in place
  • Respect of Cybersecurity activities QCD commitment
  • Cybersecurity issues/incident resolution 

All about you
We value passion and attitude over experience. That's why we don't expect you to have every single skill. Instead, we've listed some that we think will help you succeed and grow in this role:

  • Experience with direct responsibility for hands on architecture, design, development (mandatory)
  • Experience related to Cybersecurity in general, deployment experience of security technologies (mandatory)
  • Experience with Project Management (mandatory)
  • 8+ years of proven experience delivering safety critical systems (mandatory)
  • 3-5 years of experience using standards including IEC-62443, CLC/TC 50701, APTA and other standards (mandatory)
  • Experience performing cybersecurity analysis on Industrial Control Systems  (mandatory)
  • Experience with conducting cyber certification for Industrial Control Systems in a lead role (mandatory)
  • Experience in embedded or OT/ Industrial systems (railway/aeronautics)
  • P.Eng certified
  • Experience performing cybersecurity analysis on passenger rail systems
  • Experience with conducting cyber certification for rapid transit systems in a lead role 

Competencies & Skills  

  • Engineering Background
  • Knowledge of main Cybersecurity standards and regulations, such as: ISO 2700X, 62443, NIST, APTA
  • Knowledge of some Cybersecurity solutions and areas
  • Methods of Cybersecurity risk analysis
  • Architecture concepts and techniques of systems and networks, operating systems and associated programming languages.
  • Knowledge of the main techniques for evaluating systems security
  • Certification in cybersecurity like CISSP/CISM/CEH/GICSP/CompTIA Security+ 

Things you'll enjoy 

Join us on a life-long transformative journey - the rail industry is here to stay, so you can grow and develop new skills and experiences throughout your career. You'll also:

  • Collaborate with transverse teams and helpful colleagues ,
  • Work with cutting-edge cybersecurity standards and technologies to secure critical transportation systems,
  • Utilise our inclusive, innovative, and forward-thinking working environment,
  • Contribute to innovative projects,
  • Benefit from our investment in your development, through award-winning learning,
  • Benefit from a fair and dynamic reward package that recognises your performance and potential, plus comprehensive and competitive social coverage (life, medical, pension) 

You don't need to be a train enthusiast to thrive with us. We guarantee that when you step onto one of our trains with your friends or family, you'll be proud. If you're up for the challenge, we'd love to hear from you!

Important to note

As a global business, we're an equal-opportunity employer that celebrates diversity across the 63  countries we operate in. We're committed to creating an inclusive workplace for everyone.


What Alstom employees say

Pay

Benefits

Hours and flexibility

Workplace

Get the full story on Breakroom