Cybersecurity Risk & Controls Associate

Meaningful work you’ll be part of   

As a Cyber Controls Associate, you'll work as part of a highly skilled team of problem solvers, bridging the gap between deep technical risk and enterprise strategy. Responsibilities include but are not limited to: 

• Support cybersecurity assessments: Evaluate client capabilities against leading industry frameworks: NIST CSF, NIST 800-53, ISO 27001, COBIT, CIS Controls, SOC 2; to identify control gaps, assess risk maturity, and architect actionable remediation roadmaps with prioritization clearly linked to business impact and regulatory exposure. 

• Enable secure cloud transformations: Support on risk identification and security control integration as part of large-scale cloud migrations and transformations. Apply knowledge of cloud security principles, shared responsibility models, governance frameworks, and security architecture across Azure, AWS, and GCP; including cloud-native security services, container and Kubernetes security, infrastructure-as-code (IaC) review, and CSPM tooling. 

• Apply AI security fundamentals: Support the safe adoption of artificial intelligence across client organizations using leading risk management frameworks: NIST AI RMF, ISO 42001, OWASP Top 10 for LLMs, MITRE ATLAS, and Canada's Artificial Intelligence and Data Act (AIDA). Assess GenAI risks including prompt injection, data poisoning, model inversion, adversarial attacks, and supply chain vulnerabilities in AI/ML pipelines. Help clients develop AI-specific governance controls and usage policies. 

• Manage IT and business process controls: Perform and support audits, risk management, and assurance reviews over large technology transformation initiatives, IT general controls (ITGCs), application controls, data privacy programs, and regulatory compliance mandates (OSFI B-13, PIPEDA, SOX IT, PCI DSS). Document control testing evidence, findings, and management action plans with the rigour expected by external regulators and audit committees. 

• Conduct vulnerability and threat assessments: Support vulnerability assessments, threat modelling exercises (STRIDE, PASTA, MITRE ATT&CK), attack surface analyses, and control gap assessments. Translate technical threat intelligence into risk-ranked remediation plans aligned to client risk appetite and sector-specific threat profiles. 

• Drive executive conversations and stakeholder management: Translate complex technical security vulnerabilities into clear, quantifiable business impacts. Facilitate risk workshops, manage project governance, gather technical requirements, and confidently present viable security solutions to diverse client stakeholder groups, from security architects and engineers to C-suite executives and board-level audiences. 

• Optimize with automation and AI: Leverage AI tools, scripting, and automation to streamline security assessments, control mapping, evidence collection, and continuous risk monitoring. Develop reusable templates, accelerators, and tools that improve team efficiency and ensure consistent engagement quality. 

• Support business development and thought leadership: Contribute to proposals, RFP responses, client presentations, and PwC's proprietary methodology development. Participate in the creation of market-facing thought leadership in cybersecurity and AI security that positions PwC as Canada's leading cyber advisor. 

• Stay ahead of the curve: Continuously research the shifting regulatory and threat landscape; monitoring emerging risks such as GenAI-enabled cyberattacks, quantum cryptography threats, OT/ICS vulnerabilities, and evolving privacy regulation across Canada and globally. Apply relentless curiosity to learn new capabilities and actively share insights across the team and client base. 

• Deliver high performance: Demonstrate clear vision, open communication, collaboration, and accountability to deliver exceptional quality to clients and a rewarding experience for peers. Actively contributes to PwC's culture of inclusion, continuous learning, and professional excellence. 

Experiences and skills you’ll use to solve    

• Hands-on experience in cybersecurity, IT risk, technology assurance, or digital risk management, gained in a consulting, professional services, or in-house cybersecurity environment. 

• Deep understanding and hands-on experience in at least three of the following cybersecurity domains: 

• Threat Management & Threat Intelligence 

• Risk Assessment & Cyber Risk Quantification (FAIR methodology is a plus) 

• Data Security & Privacy (PIPEDA, GDPR, CCPA, provincial privacy legislation) 

• Network & Infrastructure Security 

• Application Security & Secure SDLC 

• Vulnerability Management & Penetration Testing 

• Cloud Security (AWS, Azure, GCP) 

• Identity & Access Management (IAM / PAM / Zero Trust Architecture) 

• Security Governance, Risk & Compliance (GRC) 

• OT/ICS or Critical Infrastructure Security 

• Working knowledge and hands-on application of leading cybersecurity and AI security frameworks: NIST CSF, NIST 800-53, ISO 27001, ISO 42001, NIST AI RMF, SOC 2, CIS Controls v8, COBIT 2019, PCI DSS v4.0, and MITRE ATT&CK. 

• Cybersecurity & Risk Credentials: Foundational (CompTIA Security+, CySA+, ISC2 CC); Audit & Assurance (ISACA CISA, Associate/In Progress, CRISC, CISM); Cloud Security (AWS Security Specialty, Microsoft AZ‑500/SC‑200/SC‑300, Google PCSE, ISC2 CCSP, CompTIA Cloud+); AI Security & Governance (ISACA AAIA, ISO 42001 Lead Implementer/Auditor, IAPP AIGP) 

• Demonstrated curiosity and growing knowledge of AI security; including generative AI risks, LLM vulnerabilities (OWASP LLM Top 10), model governance, AI ethics frameworks, and Canada's AIDA regulatory landscape. You don't need to be an AI expert yet, but you need to be actively learning. 

• Proven ability to map technical controls to security frameworks and compliance standards, and to translate those findings into business-impact language for executive and board-level audiences. 

• Hands-on technical experience in cloud or on-premises security, cloud security audits, or cloud infrastructure design (Azure, AWS, GCP) is a strong asset. 

• Experience using security tools in one or more categories: SIEM platforms (Splunk, Microsoft Sentinel), vulnerability scanners (Tenable, Qualys), GRC tools, EDR/XDR solutions, or cloud security posture management (CSPM) platforms. 

• Strong presentation, communication, and stakeholder management skills, you are comfortable and confident stepping into a room to articulate complex technical risks to both technical engineers and non-technical business leaders. 

• Analytical mindset: ability to structure ambiguous problems, synthesize large volumes of information, and develop clear, evidence-based recommendations under time pressure and in complex, multi-stakeholder environments. 

• PwC Canada is committed to cultivating an inclusive, hybrid work environment. Exact expectations for your team can be discussed with your interviewer. 

This newly created role reflects our commitment to growth and delivering distinctive value for our clients and stakeholders. 

The salary range for this position is $46,600 - $77,600. The posted salary range represents the expected hiring range for PwC locations in major city centres. Given our national recruiting approach, ranges may vary for positions in other locations. At PwC Canada, base salary is determined by your skills, experience, qualifications and work location. In addition to base salary, eligible employees may have opportunities to participate in variable incentive pay programs which are designed to reward individual and firm-wide achievements. We are committed to offering competitive compensation and adhere to all relevant pay transparency legislation. During the hiring process, our Talent Acquisition team will provide details about our comprehensive total rewards package. 

Why you’ll love PwC  

We’re inspiring and empowering our people to change the world. Powered by the latest technology, you’ll be a part of diverse teams helping public and private clients build trust and deliver sustained outcomes. This meaningful work, and our continuous development environment, will take your career to the next level. We reward your impact, and support your wellbeing, through a competitive compensation package, inclusive benefits and flexibility programs that will help you thrive in work and life. Learn more about our Application Process and Total Rewards Package at:  https://jobs-ca.pwc.com/ca/en/life-at-pwc 

PwC Canada acknowledges that we work and live across Turtle Island, on the land that is now known as Canada, which are the lands of the ancestral, treaty and unceded territories of the First Nations, Métis and Inuit Peoples. We recognize the systemic racism, colonialism and oppression that Indigenous Peoples have experienced and still go through, and we commit to allyship and solidarity.