Lead cybersecurity risk assessments, maturity assessments, gap assessments, and control evaluations using frameworks such as NIST CSF, NIST 800-53, ISO 27001:2022, CIS Controls, SOC 2, FedRAMP, and StateRAMP
Identify, assess, measure, and report on cybersecurity, technology, third-party, and privacy risks through security reviews, audits, evaluations, and risk assessments
Develop cybersecurity roadmaps, remediation plans, and target-state operating models aligned with client business objectives and risk tolerance
Assess the effectiveness of cybersecurity programs, governance structures, risk management processes, and technical controls across client environments
Assess and recommend controls related to Identity and Access Management (IAM), Data Protection, Endpoint Security, Security Monitoring, Vulnerability Management, and Zero Trust Architecture
Assist organizations with implementing and monitoring privacy programs to ensure compliance with regulations and standards such as PIPEDA, Quebec Law 25, GDPR, and other applicable privacy requirements
Evaluate security and control requirements for new technologies, cloud implementations, digital transformation initiatives, and emerging technologies, including Artificial Intelligence (AI)
Conduct third-party and vendor security assessments and support supply chain risk management initiatives
Assess incident response, business continuity, disaster recovery, and cyber resilience programs, providing recommendations to improve readiness and response capabilities
Facilitate cybersecurity workshops, risk discussions, and stakeholder interviews
Develop executive-level reports, presentations, dashboards, risk registers, and strategic recommendations for senior leadership and boards
Research, pilot, and implement innovative cybersecurity and privacy solutions tailored to client objectives and business environments
Provide strategic guidance on Governance, Risk, and Compliance (GRC), Privacy, and Cybersecurity Program initiatives
Identify opportunities to improve delivery efficiency, methodologies, and client outcomes
Drive the successful completion of cybersecurity engagements while managing project plans, budgets, deliverable schedules, resources, and client expectations
Support proposal development, business development initiatives, thought leadership, and client presentations
Requirements
5-8+ years of experience in cybersecurity, information security, IT risk management, privacy, governance, or cybersecurity consulting
Strong understanding of industry frameworks and standards including NIST CSF, NIST 800-53, ISO 27001, CIS Controls, SOC 2, FedRAMP, and StateRAMP
Experience conducting cybersecurity risk assessments, control reviews, maturity assessments, and compliance assessments
Strong understanding of cybersecurity governance, risk management, and security control frameworks
Experience assessing security controls across cloud, infrastructure, application, and data environments
Excellent written, verbal, presentation, and stakeholder management skills
Experience delivering client-facing consulting engagements and managing multiple concurrent projects
Strong analytical, problem-solving, and project management capabilities
Professional Certifications (one or more preferred): CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Lead Auditor, PMP