Senior Cyber Risk Consultant

Senior Governance, Risk, & Compliance Consultant

About the Company

Elastify is an IT consulting firm with a deep focus on security and compliance services.

Based in Toronto with a presence across North America, our people are united by our core values and a shared commitment to simplifying IT for those we serve.

We approach engagements with a client-centred mindset and consider ourselves a natural extension of their teams.

Our flexible, on-demand service model provides access to the right skillsets and solutions needed to meet the demands of our clients.

We specialize in delivering high value services and provide advisory within :

• Governance, Risk & Compliance (GRC)
• Cybersecurity Engineering
• Penetration Testing
• Data Protection & Privacy
• Cloud Security
• Microsoft Enablement
• Staff Augmentation

The Elastify business has grown 170% YoY, generating over $70 million in recognized revenue in just four years. With over 100 active contracts being delivered on each month, there is great opportunity to get involved to leave your mark on the growth of Elastify, while developing lasting relationships in a growing industry.

About the Senior GRC Consultant Position

Within Elastify’s security practice, we are currently seeking a Senior Cyber Risk Consultant to assist our growing engagement team in assessing our client’s security processes and controls.

Job Responsibilities

• Leading & delivering compliance readiness assessments (e.g., SOC 2, ISO 27001, PCI DSS).
• Running workshops with clients.
• Support remediation activities (e.g., policy, procedure, documentation development).
• Assist in designing and implementing relevant controls for industry leading security and compliance frameworks.
• Maturing client’s business resilience, including the development of business continuity, disaster recovery, and incident response plans.
• Facilitate Incident Response Tabletop exercises.
• Drafting & presenting reports and findings to key client stakeholders.
• Managing the delivery of engagements to ensure budgets and timelines are met.
• Helping clients with data protection and privacy readiness (HIPAA, GDPR, PIPEDA, Quebec Law 25 etc.).
• Conduct Risk and Privacy Assessments (TRA, TPRM, PIA etc.).
• Implement and work with compliance automation platforms to conduct assessments or provide advisory to clients.
• Conducting information system audits.
• Advising clients with security best practices (People, Process, and Technology).
• Supporting Elastify’s pre-sales activities (proposals, engagement letters / statement of work development).

Experience

• Four to seven years of experience in the field of Cybersecurity, Technology Risk, or GRC
• Completion of at least one of the following designations : CISA, CRISC, CISM, CISSP, ISO 27001 LA.
• Bachelor’s degree or higher in a related field to Cybersecurity or equivalent working experience
• Experience with leading and delivering assessments against the follow standards & frameworks including but limited to SOC 2, NIST CSF, NIST 800-53, CMMC, ISO 27001, CIS.
• Experience with Compliance & Controls Automation Platforms (e.g. Drata)
• Strong attention to detail and organizational skills.
• Experience leading, coaching, mentoring junior personnel.
• Excellent oral and written communication with experience helping clients navigate through complex cybersecurity and compliance challenges.

Benefits of working at Elastify

• Three weeks’ vacation
• Benefits package
• Wellness Account
• Cellphone and Travel allowance
• Downtown Toronto office location (121 King Street West - connected to the path)
• Hybrid work
14 days ago