BDO Canada LLP

Senior Consultant, Cyber Risk Management & Transformation

$90K — $120K *
Technical Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5-8 years experience in cybersecurity, IT risk management, or consulting
  • Strong knowledge of NIST CSF, ISO 27001, SOC 2, and privacy regulations
  • Proven ability to conduct cybersecurity risk and control assessments
  • Experience assessing cloud, infrastructure, application, and data security
  • Excellent communication and stakeholder management skills
  • Capability to manage multiple client engagements and projects effectively
  • Strong analytical and problem-solving skills

Responsibilities

  • Lead risk assessments and evaluations using established cybersecurity frameworks.
  • Identify, assess, measure, and report on various cybersecurity risks.
  • Develop tailored cybersecurity roadmaps aligned with client objectives.
  • Assess the effectiveness of cybersecurity programs and technical controls.
  • Recommend security controls related to IAM, Data Protection, and more.
  • Assist in implementing privacy programs to meet compliance standards.
  • Conduct third-party security assessments and support risk management.

Benefits

  • Professional growth and leadership development opportunities
  • Exposure to diverse industries and strategic initiatives
  • Collaboration with experienced cybersecurity professionals
  • Involvement in innovative cybersecurity solutions
  • Engagement in an inclusive and engaging work environment

Full Job Description

Your Opportunity

We are seeking a highly motivated Senior Consultant to join our Cyber Risk Management & Transformation practice. The successful candidate will support organizations in identifying, assessing, and managing cybersecurity, technology, and privacy risks while helping clients strengthen their overall security posture and meet regulatory and compliance requirements.

You will work alongside experienced cybersecurity professionals to help clients solve complex cybersecurity, privacy, risk, and compliance challenges. This role offers exposure to a broad range of industries, technologies, and strategic initiatives while providing opportunities for professional growth and leadership development. This role combines cybersecurity consulting, governance, risk and compliance (GRC), privacy, and strategic advisory services. The ideal candidate is a strong communicator who can engage with both technical teams and executive stakeholders, manage multiple client engagements, and deliver practical, risk-based recommendations.

Key Responsibilities

  • Lead cybersecurity risk assessments, maturity assessments, gap assessments, and control evaluations using frameworks such as NIST CSF, NIST 800-53, ISO 27001:2022, CIS Controls, SOC 2, FedRAMP, and StateRAMP.

  • Identify, assess, measure, and report on cybersecurity, technology, third-party, and privacy risks through security reviews, audits, evaluations, and risk assessments.

  • Develop cybersecurity roadmaps, remediation plans, and target-state operating models aligned with client business objectives and risk tolerance.

  • Assess the effectiveness of cybersecurity programs, governance structures, risk management processes, and technical controls across client environments.

  • Assess and recommend controls related to Identity and Access Management (IAM), Data Protection, Endpoint Security, Security Monitoring, Vulnerability Management, and Zero Trust Architecture.

  • Assist organizations with implementing and monitoring privacy programs to ensure compliance with regulations and standards such as PIPEDA, Quebec Law 25, GDPR, and other applicable privacy requirements.

  • Evaluate security and control requirements for new technologies, cloud implementations, digital transformation initiatives, and emerging technologies, including Artificial Intelligence (AI).

  • Conduct third-party and vendor security assessments and support supply chain risk management initiatives.

  • Assess incident response, business continuity, disaster recovery, and cyber resilience programs, providing recommendations to improve readiness and response capabilities.

  • Facilitate cybersecurity workshops, risk discussions, and stakeholder interviews.

  • Develop executive-level reports, presentations, dashboards, risk registers, and strategic recommendations for senior leadership and boards.

  • Research, pilot, and implement innovative cybersecurity and privacy solutions tailored to client objectives and business environments.

  • Provide strategic guidance on Governance, Risk, Compliance (GRC), Privacy, and Cybersecurity Program initiatives.

  • Identify opportunities to improve delivery efficiency, methodologies, and client outcomes.

  • Drive the successful completion of cybersecurity engagements while managing project plans, budgets, deliverable schedules, resources, and client expectations.

  • Support proposal development, business development initiatives, thought leadership, and client presentations.

How do we define success for your role?

  • You demonstrate BDO's core values through all aspects of your work: Integrity, Respect and Collaboration

  • You understand your stakeholders' industry, challenges, and opportunities; stakeholders describe you as positive, professional, and delivering high-quality work

  • You identify, recommend, and are focused on effective service delivery to your stakeholders

  • You share in an inclusive and engaging work environment that develops, retains & attracts talent

  • You actively participate in the adoption of digital tools and strategies to drive an innovative workplace

  • You grow your expertise through learning and professional development

Your Experience and Education:

  • 5-8+ years of experience in cybersecurity, information security, IT risk management, privacy, governance, or cybersecurity consulting.

  • Strong understanding of industry frameworks and standards including NIST CSF, NIST 800-53, ISO 27001, CIS Controls, SOC 2, FedRAMP, and StateRAMP.

  • Experience conducting cybersecurity risk assessments, control reviews, maturity assessments, and compliance assessments.

  • Strong understanding of cybersecurity governance, risk management, and security control frameworks.

  • Experience assessing security controls across cloud, infrastructure, application, and data environments.

  • Excellent written, verbal, presentation, and stakeholder management skills.

  • Experience delivering client-facing consulting engagements and managing multiple concurrent projects.

  • Strong analytical, problem-solving, and project management capabilities.

Professional Certifications (One or More Preferred)

  • CISSP

  • CISM

  • CRISC

  • CISA

  • ISO 27001 Lead Implementer/Lead Auditor

  • PMP

About BDO Canada LLP

BDO Canada LLP is a leading accounting and advisory firm that provides a wide range of services to clients across Canada. The firm offers audit and assurance, tax, advisory, and consulting services to clients in various industries, including manufacturing, retail, real estate, and technology. BDO Canada LLP is part of the global BDO network, which operates in over 160 countries and employs over 80,000 people. The firm is committed to providing exceptional client service and helping clients achieve their business objectives.
Size: 4,000 employees