Technology Risk & Security - Functional ConsultantIn Canada - Toronto
This role serves as the bridge between business demand, IT architecture, cybersecurity, SOC, audit, compliance, procurement, privacy, and implementation teams - operating within the company's Technology Demand Intake Process, which is closely connected to implementation and lifecycle governance.
This individual will focus on reviewing technical concepts, stand-alone products, services, and AI-enabled solutions that the company plans to implement or integrate into its complex global enterprise technology landscape, including SaaS, PaaS, SAP, and AI-enabled platforms.
You will be responsible for assessing and governing new technology demands, services, platforms, and AI-enabled solutions through the organization's technology intake process.
The role ensures that security, compliance, architecture, operational, and business risks are identified, clearly documented, and addressed through effective and practical mitigation measures before implementation.
How you will create an impact: - Core Responsibilities
- Manage the end-to-end Technology Demand Intake and Risk Assessment process for new technologies, platforms, tools, and AI-enabled solutions.
- Assess security, compliance, operational, vendor, and architecture risks; identify mitigation strategies and recommend risk treatment decisions.
- Prepare executive-ready reports and present findings to IT leadership, governance boards, and risk committees.
- Partner with Security, IT, Architecture, Procurement, Legal, Privacy, Audit, and business stakeholders to evaluate and approve technology solutions.
- Ensure new technologies comply with security policies, controls, and integration requirements.
- Maintain risk documentation, exception records, control evidence, and governance reporting while continuously improving intake processes.
- Stay current onemerging technologies, AI, cybersecurity trends, regulatory requirements, andindustry control frameworks
- Business & Stakeholder Engagement
- Translate business requirements into security and compliance recommendations that enable timely technology decisions.
- Communicate complex technical concepts through presentations, decision papers, and executive-facing materials.
- Facilitate collaboration across IT architecture, infrastructure, business teams, vendors, and other stakeholders.
- Vendor & Project Support
- Support vendor assessments, RFPs, technical evaluations, and solution reviews.
- Contribute to cross-functional IT projects by identifying dependencies, risks, and process improvements.
- Work effectively in agile, global projectenvironments with multiple priorities and tight timelines.
About You: - Organizational Background
- Experience in a complex global environment, comparable consulting or service industries is preferred.
- Technical Expertise
- Bachelor's Degree required - preferred in the area of Technology, MIS, Cybersecurity, etc.
- 5+ years of experience in technology risk, cybersecurity, IT governance, GRC, IT audit, security architecture, or technology consulting.
- Strong knowledge of cybersecurity, technology risk management, compliance, enterprise IT governance, and emerging AI-enabled technologies.
- Experience assessing SaaS, cloud, third-party, and AI-enabled solutions, with the ability to identify risks, mitigation strategies, and implementation requirements.
- Experience improving governance processes, workflows, standards, and risk management practices.
- Knowledge of security and governance frameworks such as ISO 27001, SOC 2, ITIL, or similar.
- Experience with security controls, risk assessments, compliance, audit support, and governance approval processes.
- Ability to evaluate platform architecture, integrations, identity and access management, data flows, encryption, logging, monitoring, and operational security.
- Understanding of enterprise architecture, cloud security, vendor risk management, and secure technology implementation.
- Communication & Collaboration
- Strong stakeholder management skills with experience working across IT, Security, Architecture, Compliance, Privacy, Legal, Procurement, Audit, and business teams.
- Experience preparing executive-level presentations, risk reports, and decision-ready documentation, and presenting recommendations to senior leadership.
- Vendor & Project Experience
- Experience evaluating third-party vendors, cloud platforms, SaaS solutions, and managed services within global IT environments.
- Experience supporting technology onboarding, vendor risk assessments, procurement, RFPs, and cross-functional technology initiatives.
- Ability to manage risks, remediation activities, project dependencies, and implementation progress across the technology lifecycle.
- PreferredCertifications
- CISSP, CISM, CRISC, CISA, CCSP, ISO 27001 Lead Implementer/Auditor, or equivalent certification (or comparable hands-on experience).
The pay range for this position in Toronto is $160,000 - $168,000 CAD/yr. Compensation may vary depending on relevant experience, skills, geographic location, and business needs. We offer a comprehensive package of benefits including performance bonus, paid time off, 13 paid holidays per year, medical/dental/vision insurance, and basic life insurance to eligible employees.
Simon-Kucher North America Talent Acquisition Team
[email protected]simon-kucher.com/careers