Cybersecurity Risk & Controls Associate

Meaningful workyoullbe part of

As a Cyber Controls Associateyoullwork as part of a highly skilled team of problem solvers bridging the gap between deep technical risk and enterprise strategy. Responsibilities include but are not limited to:

• Support cybersecurity assessments: Evaluate client capabilities against leading industry frameworks: NIST CSF NIST 800-53 ISO 27001 COBIT CIS Controls SOC 2; toidentifycontrol gaps assess risk maturity and architect actionable remediation roadmaps withprioritization clearlylinked to business impact and regulatory exposure.

• Enable secure cloud transformations:Supportonrisk identification and security control integration as part of large-scale cloud migrations and transformations. Apply knowledge of cloud security principles shared responsibility models governance frameworks and security architecture across Azure AWS andGCP;including cloud-native security services container and Kubernetes security infrastructure-as-code (IaC) review and CSPM tooling.

• Apply AI security fundamentals: Support the safe adoption of artificial intelligence across client organizations using leading risk management frameworks: NIST AI RMF ISO 42001 OWASP Top 10 for LLMs MITRE ATLAS and Canadas Artificial Intelligence and Data Act (AIDA). Assess GenAI risks including prompt injection data poisoning model inversion adversarial attacks and supply chain vulnerabilities in AI/ML pipelines. Help clients develop AI-specific governance controls and usage policies.

• Manage IT and business process controls: Perform and support audits risk management and assurance reviews over large technology transformation initiatives IT general controls (ITGCs) application controls data privacy programs and regulatory compliance mandates (OSFI B-13 PIPEDA SOX IT PCI DSS). Document control testing evidence findings and management action plans with therigourexpected by external regulators and audit committees.

• Conduct vulnerability and threat assessments: Support vulnerability assessments threat modelling exercises (STRIDE PASTA MITRE ATT&CK) attack surface analyses and control gap assessments. Translate technical threat intelligence into risk-ranked remediation plans aligned to client risk appetite and sector-specific threat profiles.

• Drive executive conversations and stakeholder management: Translate complex technical security vulnerabilities into clear quantifiable business impacts. Facilitate risk workshops manage project governance gather technical requirements and confidently presentviablesecurity solutions to diverse client stakeholder groupsfrom security architects and engineers to C-suite executives and board-level audiences.

• Optimize withautomation and AI: Leverage AI tools scripting and automation to streamline security assessments control mapping evidence collection and continuous risk monitoring. Develop reusable templates accelerators and tools that improve team efficiency and ensure consistent engagement quality.

• Support business development and thought leadership: Contribute to proposals RFP responses client presentations and PwCs proprietarymethodologydevelopment. Participate in the creation of market-facing thought leadership in cybersecurity and AI security that positions PwC as Canadas leading cyber advisor.

• Stay ahead of the curve: Continuously research the shifting regulatory and threat landscape;monitoringemerging risks such as GenAI-enabled cyberattacks quantum cryptography threats OT/ICS vulnerabilities and evolving privacy regulation across Canada and globally. Apply relentless curiosity to learn new capabilities and actively share insights across the team and client base.

• Deliver high performance:Demonstrateclear vision open communication collaboration and accountability to deliver exceptional quality to clients and a rewarding experience for peers. Activelycontributesto PwCs culture of inclusion continuous learning and professional excellence.

Experiences and skillsyoulluse to solve

• Hands-on experience in cybersecurity IT risk technology assurance or digital risk managementgained in a consulting professional services or in-house cybersecurity environment.

• Deep understanding and hands-on experience in at least three of the following cybersecurity domains:

• Threat Management & Threat Intelligence

• Risk Assessment & Cyber Risk Quantification (FAIRmethodologyis a plus)

• Data Security & Privacy (PIPEDA GDPR CCPA provincial privacy legislation)

• Network & Infrastructure Security

• Application Security & Secure SDLC

• Vulnerability Management & Penetration Testing

• Cloud Security (AWS Azure GCP)

• Identity & Access Management (IAM / PAM / Zero Trust Architecture)

• Security Governance Risk & Compliance (GRC)

• OT/ICS or Critical Infrastructure Security

• Working knowledge and hands-on application of leading cybersecurity and AI security frameworks: NIST CSF NIST 800-53 ISO 27001 ISO 42001 NIST AI RMF SOC 2 CIS Controls v8 COBIT 2019 PCI DSS v4.0 and MITRE ATT&CK.

• Cybersecurity & Risk Credentials:Foundational (CompTIA SecurityCySA ISC2 CC); Audit & Assurance (ISACA CISA Associate/In Progress CRISC CISM); Cloud Security (AWS Security Specialty Microsoft AZ500/SC200/SC300 Google PCSE ISC2 CCSP CompTIA Cloud); AI Security & Governance (ISACA AAIA ISO 42001 Lead Implementer/Auditor IAPP AIGP)

• Demonstrated curiosity and growing knowledge of AIsecurity;including generative AI risks LLM vulnerabilities (OWASP LLM Top 10) model governance AI ethics frameworks and Canadas AIDA regulatory landscape. Youdontneed to be an AI expert yetbut you need to be actively learning.

• Proven ability to map technical controls to security frameworks and compliance standards and to translate those findings into business-impact language for executive and board-level audiences.

• Hands-on technical experience in cloud or on-premises security cloud security audits or cloud infrastructure design (Azure AWS GCP) is a strong asset.

• Experience using security tools in one or more categories: SIEM platforms (Splunk Microsoft Sentinel) vulnerability scanners (Tenable Qualys) GRC tools EDR/XDR solutions or cloud security posture management (CSPM) platforms.

• Strong presentation communication and stakeholder management skillsyou are comfortable and confident stepping into a room to articulate complex technical risks to both technical engineers and non-technical business leaders.

• Analytical mindset: ability to structure ambiguous problems synthesize large volumes of information and develop clear evidence-based recommendations under time pressure and in complex multi-stakeholder environments.

• PwC Canada is committed to cultivating an inclusive hybrid work environment. Exact expectations for your team can be discussed with your interviewer.

This newly created role reflects our commitment to growth and delivering distinctive value for our clients and stakeholders.

The salary range for this position is $46600 - $77600. The posted salary rangerepresentsthe expected hiring range for PwC locations in major city centres. Given our national recruiting approach ranges may vary for positions in other locations. At PwC Canada base salary isdeterminedby your skills experiencequalificationsand work addition to base salary eligible employees may have opportunities toparticipatein variable incentive pay programs which are designed to reward individual and firm-wide achievements. We are committed to offering competitive compensation and adhere to all relevant pay transparency legislation. During the hiring process our Talent Acquisition team will provide details about our comprehensive total rewards package.

Whyyoulllove PwC

Wereyoullbe a part of diverse teams helping public and private clients build trust and deliver sustained outcomes. This meaningful work and our continuous development environment will take your career to the next level. We reward your impact and support your wellbeing through a competitive compensation package inclusive benefits and flexibility programs that will help you thrive in work and life. Learn more about our Application Process and Total Rewards Package at: Canada acknowledges that we work and live across Turtle Island on the land that is now known as Canada which are the lands of the ancestral treaty and unceded territories of the First NationsMétisand Inuit Peoples. We recognize the systemic racismcolonialismand oppression that Indigenous Peoples have experienced and still go through and we commit to allyship and solidarity.