Cybersecurity Risk & Controls Senior Associate

The Opportunity:

As a Senior Associateunlock your potential and embrace the chance to drive meaningful outcomesthatllelevate your career. Your role will include butisntlimited to:

• Lead cybersecurity assurance engagements: Own the day-to-day delivery of cybersecurity assessments security architecture reviews and control gap analyses againstleading cybersecurity frameworks suchNIST CSF NIST 800-53 ISO 27001and more. Develop technicallystrongfindings and remediation roadmaps tied clearly to business impact and regulatory exposure and present conclusions to senior client stakeholders with confidence and clarity.

• Drive AI security engagements: Lead both technical security reviews and governance assessments of AI implementations and deployments. Conduct hands-on testing of AI/ML systems includingoverall AI architecture reviewsprompt injection testing input/output validation API security review data pipeline integrity and infrastructure hardening for AI workloads. Apply NIST AI RMF ISO 42001 OWASP Top 10 for LLMs MITRE ATLAS and CanadasRegulatoryframeworks (AIDA OSFI E-23)to help clients govern AI responsibly and securely. Develop AI-specific control frameworks and board-level risk reporting for organizations deploying GenAI at scale.

• Hands-on cloud security experience: ability to assess cloud security architecture misconfiguration risk identity controls data protection and compliance posture across AWS Azure or GCP. Experience with cloud-native security servicesIaCsecurity review container security and CSPM tooling is strongly preferred.

• Hands-on IAM security experience: ability to assess identity and access management programs including role-based access control privileged access management (PAM)federationand SSO and zero trust network access (ZTNA). Experienceidentifyingentitlement risks toxic access combinations and least-privilege gaps in enterprise environments is a strong asset. Familiarity with IAM controls specific to AI environmentsincluding service account governance model accesscontrols API key management and least-privilege enforcement for AI workloads and data pipelines is a differentiator.

• Hands-on data security experience: ability to assess and advise on data classification data loss prevention (DLP) encryption controls data residency requirements and secure data lifecycle management. Experience with privacy-enhancing technologies data access governance and regulatory compliance programs (PIPEDA GDPR provincial privacy legislation) is strongly preferred. Familiarity with data security controls in AI and cloud environmentsincluding training data protection sensitive data handling in ML pipelines and data minimization practices for GenAI systemsis a strong asset.

• Lead cybersecurity strategy development: Design and deliver strategy engagements including security operating model design zero trust architecture roadmaps cyber risk quantification programs board-level risk reporting frameworks and third-party risk programs. Translate strategic recommendations into implementation-ready plans with clear ownership timelines and success metrics.

• Execute and oversee threat and vulnerability programs: Lead vulnerability assessments threat modelling exercises (STRIDE PASTA MITRE ATT&CK) penetration test scoping and management and attack surface analyses. Translate technical outputs into business-language risk narratives and prioritized remediation roadmaps calibrated to client sector and risk appetite.

• Own client relationships and stakeholder management: Serve as the day-to-day point of contact for client stakeholders. Facilitate executive workshops manage projectgovernanceand scope and navigate difficult conversations with confidence and professionalism. Build enduring client relationships that generate trust repeat business and expanded mandates and proactively look for opportunities to deepen PwCs presence within each account while contributing to a positive and collaborative team culture throughout.

• Mentor and develop team members: Take active responsibility for the growth of Associates on your engagements. Review deliverables for quality provide direct and constructive feedback and coach on both technical and consulting skills to create an environment where junior team members are stretched supported and set up to succeed.

• Optimizewith automation and AI: Champion the use of AI tools scripting and automation within engagements to accelerate evidence collection control mapping continuous monitoring and reporting. Develop reusable templates and accelerators that improve team efficiency and ensure consistent high-quality delivery across engagements.

• Contribute to practice growth and business development:Identifyscope expansion opportunities within active client accounts and contribute to proposals RFP responses and pitch presentations with a clear point of view on solution approach and differentiation. Develop reusable methodologies and engagement accelerators that sharpen PwCs competitive edge in the market.

• Stay ahead of the curve: Monitor and synthesize emerging threat intelligence regulatory developments (OSFI B-13 PIPEDA NIST EU AI Act) and AI security innovations. Bring fresh relevant insight to every client conversation share findings across the team and continuously sharpen PwCs methodologies and service offerings.

• Deliver high performance:Demonstrateclear vision open communication collaboration and accountability to deliver exceptional quality to clients and a rewarding experience for peers. Actively contributes to PwCs culture of inclusion continuous learning and professional excellence.

What Youll Bring:
Your skills knowledge and experiences are what set you apart.Hereswhat we look for:

• Progressive hands-on experience in cybersecurity consulting cyber assurance IT risk or technology audit with a demonstratedtrack recordof leading engagements and managing client relationships gained at a Big 4 firm leading cybersecurity consultancy or in a senior in-house cybersecurity role.

• Proven ability to independently lead client-facing engagements end-to-end: scoping planning execution quality review and final presentation across complex multi-stakeholder environments.

• Deep understanding and hands-on experience in at least three of the following cybersecurity domains:

• Cybersecurity Strategy & Operating Model Design

• Cyber Risk Management & Quantification (FAIRmethodologypreferred)

• Cloud Security Architecture & Assurance (AWS Azure GCP)

• AI Security AI Governance & Responsible AI

• Identity & Access Management / Privileged Access / Zero Trust

• Threat Intelligence Threat Modelling & Red Team Oversight

• Vulnerability Management & Penetration Testing Program Management

• OT/ICS & Critical Infrastructure Security

• Third-Party & Supply Chain Risk Management (TPRM)

• Data Security Privacy & Regulatory Compliance

• Security Governance Risk & Compliance (GRC) Program Management

• Expert-level command of cybersecurity and AI security frameworks: NIST CSF NIST 800-53 ISO 27001 ISO 42001 NIST AI RMF SOC 1/2 CIS Controls v8 COBIT 2019 PCI DSS v4.0 MITRE ATT&CK Zero Trust architecture principles and Canada-specific regulatory frameworks (OSFI B-13 PIPEDA AIDA).

• Cybersecurity & Risk Credentials: Audit & Assurance (ISACA CISA CRISC or CISM one strongly preferred at this level); Security Management (ISC2 CISSP or CCSP); Cloud Security (AWS Security Specialty Microsoft SC-100/AZ-500 Google PCSE); AI Security & Governance (ISACA CAIA ISACA AAISM ISO 42001 Lead Implementer/Auditor); Offensive Security (OSCP GIAC GPEN GWAPT CEH); Privacy (IAPP CIPP/C CIPM).

• Substantive AI securityexpertise: deep familiarity with LLM vulnerabilities (OWASP LLM Top 10) adversarial machine learning AI model governance and GenAI risk management. You have led or played a significant role in at least one AI security or AI governance engagement.

• Demonstrated ability to present complex findings and strategic recommendations to C-suite executives board members and regulatory audiences in writing and in person with the polish and authority those audiences expect from a trusted advisor.

• Strong project management discipline: ability to manage multiple concurrent workstreams track milestones manage scope escalate risks proactively and consistently deliver on time and within budget.

• Experience mentoring and developing junior professionals with concrete examples of how you have improved someone elses technical knowledge consulting craft or client delivery capabilities.

• Hands-on experience with security tools across multiple categories: SIEM platforms (Splunk Microsoft Sentinel) vulnerability scanners (Tenable Qualys) EDR/XDR solutions GRC platforms or CSPM tools (Wiz Prisma Cloud Defender for Cloud).

• PwC Canada is committed to cultivating an inclusive hybrid work environment. Exact expectations for your team can be discussed with your interviewer.