Daily Responsibilities:
A typical day involves developing and maintaining IT Risk scorecards that provide comprehensive visibility into the organization's cloud and infrastructure risk posture. The role includes conducting stakeholder consultations to review and analyze critical artifacts such as vulnerability assessments, control evaluations, and architecture documentation to identify and assess risk exposure.
Key daily activities include delivering weekly scorecard presentations to senior leadership. These presentations are instrumental in enabling risk-informed decision-making by executive stakeholders prior to application deployment to production environments. This role requires strong analytical capabilities, cross-functional collaboration, and the ability to communicate complex risk concepts to diverse audiences at all organizational levels.
What will you do?
- Create IT Risk scorecards for Non-Cloud and Public Cloud application initiatives and communicate risks to key stakeholders
- Establish and build credibility with stakeholders and senior leaders in order to provide representation that is seen as professional, positive and credible.
- Work in collaboration as a trusted partner to ensure that projects are planned, managed and executed in alignment with the functional strategy and goals.
- Seek industry trends and organization knowledge to ensure a high level of technical currency and understand alternative approaches.
- Collaborate with senior leaders to ensure alignment of Global Cyber Security initiatives.
- Manage risks, leveraging support from the bank's SMEs and escalating to Global IT Risk (GITR) leadership as required.
What program/technology/software knowledge is essential for this role? Describe in what capacity the selected candidate will be using it:
Essential Technical Competencies:
Must demonstrate proficiency in cloud platforms, specifically Microsoft Azure and Amazon AWS. Given the bank's dynamic cloud environment, a strong foundational understanding of cloud architecture, deployment models, and associated security considerations is critical to this role.
Core Tools & Systems:
Candidates should be competent in the following enterprise tools:
- RSA Archer: Used to document and track control assessments and risk evaluations
- Tableau: Employed to visualize various vulnerability dashboards
- LeanIX: Utilized for application portfolio and infrastructure mapping to support risk contextualization
- Microsoft Office Suite (Excel, Word): Essential for detailed analysis, documentation, and report generation
- Collaboration Platforms (WebEx, Slack): Used for cross-functional stakeholder engagement and team communication
Must-have Skills/Experiences and/or Education, certifications, qualifications, designations:
- Prior work within cloud teams in other FIs
- Can speak risk management to application owners (might be non-technical) and Senior Management
- Certs: CISSP, CRISC, CCSK or CCSP
- Minimum 7 or more years demonstrated experience in Cyber Security
- Knowledge of Cyber Security Frameworks and Cloud Security Frameworks
- Demonstrated knowledge of and experience with Microsoft Azure or Amazon Web Services
- Information Security and Public Cloud platform certification is an asset (AZ-500, SCS-C01, CCSP, CCSK, CISSP)
- Knowledge of government and regulatory requirements as they relate to data information management, including emerging trends and issues related to the subject matter.
- Ability to partner effectively with key stakeholders on complex projects with excellent communication, facilitation and presentation skills.
- Clear understanding of IaaS/PaaS/SaaS, including containerization (AKS/EKS)
- Knowledge of OWASP, SANS, NIST, ISO 27001, CSA, CIS or other security-related practices
- Application Security or Development experience (SAST, DAST, CI/CD Pipeline, Infrastructure-as-Code)
- Knowledge of Pivotal Cloud Foundry, OpenShift, Elasticsearch and Kafka
Nice-to-have Skills/Experience and/or Education, certifications, qualifications, designations:
- Experience implementing AI technologies in organizations
- Certs: MS Azure or AWS certifications
- Previous Banking/Financial Industry experience
- Knowledge of PCI, SOX, SOC 2, or OSFI requirements and best practices