Sr. Consultant - Strategy amp Risk Remote, Canada

📋 Description

• • Lead and deliver high-impact cybersecurity strategy and risk engagements for Fortune 1000, public-sector and mid-market clients across Canada. You will own the full lifecycle—from scoping and stakeholder alignment through assessment, roadmap creation and executive read-outs—ensuring every engagement drives measurable reduction in cyber risk and demonstrable compliance outcomes.
• • Serve as the primary escalation point for complex multi-stream projects, mentoring junior consultants while maintaining hands-on ownership of critical deliverables. Your ability to translate technical findings into board-level narratives will directly influence multi-million-dollar security investment decisions.
• • Design and execute risk-based assessments against NIST 800-171/53, ISO 27001, CMMC, HIPAA, PCI-DSS, COSO and other global frameworks. You will map control gaps to business impact, quantify residual risk in financial terms and craft prioritized remediation plans that balance security, cost and operational realities.
• • Architect enterprise-wide cybersecurity governance programs including policy suites, risk appetite statements, third-party risk management (TPRM) processes and supply-chain assurance models. Your frameworks will become the backbone of clients’ long-term security strategies.
• • Facilitate interactive workshops, tabletop exercises and executive briefings that build security culture and accelerate adoption. Whether guiding C-suite leaders through crisis-simulation scenarios or training control owners on new procedures, your communication skills turn skepticism into sponsorship.
• • Conduct deep-dive third-party risk assessments of strategic vendors, cloud service providers and managed security suppliers. You will evaluate everything from SOC 2 reports to zero-trust architectures, delivering concise risk registers and contract-ready mitigation requirements.
• • Translate operational resilience concepts—business continuity planning, disaster recovery, business impact analysis—into integrated cyber-resilience roadmaps. You will align IT recovery objectives with enterprise risk tolerance and regulatory expectations.
• • Produce clear, concise and visually compelling deliverables: board-ready risk dashboards, compliance gap matrices, POA&M trackers and strategic program charters. All artifacts are designed for executive consumption and audit defensibility.
• • Continuously monitor the threat, regulatory and technology landscapes; distill emerging trends into actionable intelligence for clients and internal teams. Your thought-leadership contributions (whitepapers, webinars, conference presentations) will enhance Optiv’s market position and your own professional brand.
• • Collaborate seamlessly with Principal Consultants, Technical Managers, architects and sales teams to expand account footprints, craft follow-on proposals and ensure smooth transition from strategic planning to technical implementation.