GRC Risk / Information Security Consultant
Prevalent is a leading provider of comprehensive third party risk management solutions, dedicated to helping organizations navigate complex regulatory landscapes and protect their information assets.
Our team of experts specializes in implementing and managing risk frameworks that meet the highest industry standards.
We are seeking a highly skilled Risk Consultant with extensive experience in ISO 27001, NIST, SOC 2, and other related risk frameworks.
The ideal candidate will have a strong background in information security, risk assessment, and compliance, and will be responsible for advising clients on best practices to mitigate risks and ensure compliance with relevant standards.
This position will be primarily remote, with occasional requirements to work out of our office in Ottawa, or visit customer sites.
Job Responsibilities
- Conduct comprehensive risk assessments and gap analyses based on ISO 27001, NIST, SOC 2, and other relevant frameworks.
- Develop, implement, and maintain information security management systems (ISMS) in accordance with ISO 27001 to maintain ISO certification.
- Provide guidance on the implementation of NIST cybersecurity frameworks (CSF, SP 800-53, etc.), SOC 2 Trust Service Criteria, SOC1, HITRUST and Environmental, Social and Governance.
- Perform security and risk audits and reviews to ensure compliance with regulatory requirements and industry standards.
- Create executive and contextual risk reports for client third parties
- Create content for framework related surveys including frameworks for Information Security, Environment and Social Governance, Financial and Business.
- Develop risk management strategies, policies, and procedures tailored to clients’ specific needs.
- Monitor and report on the status of information security controls and risk mitigation activities.
- Stay up-to-date with the latest industry trends, threats, and technologies to provide expert advice to clients.
- Collaborate with cross-functional teams to integrate risk management processes into business operations.
Required Background & Experience
- Professional certifications such as CISSP, CISM, CRISC, or similar are highly desirable.
- Minimum of 5 years of experience in risk management, information security, or compliance consulting.
- In-depth knowledge of ISO 27001, NIST CSF, NIST SP 800-53, SOC 2, and other relevant frameworks and standards.
- Proven experience in developing and implementing ISMS and cybersecurity frameworks.
- Strong analytical, problem-solving, and decision-making skills.
- Excellent communication and presentation skills, with the ability to explain complex concepts to non-technical stakeholders.
- Ability to manage multiple projects and meet deadlines in a fast-paced environment.
- High level of integrity, professionalism, and attention to detail.
Bachelor’s degree in Information Security, Computer Science, or a related field.
Senior Consultant, Risk Advisory Services
The Risk Advisory team endeavors to identify the most significant issues facing the world today with the objective of helping our clients understand what these risks are and how these risks could impact their business and/or operations. Senior Consultant, Risk Advisory Services. Identifying business...
Technology Risk - Senior Consultant - Ottawa
Associated with these opportunities come risks, our clients seek independent advice and assurance over diverse issues which include for example the design and operation of their internal controls, the security of their business critical systems, the delivery of major IT enabled programmes, their rel...
Senior Risk Consultant - Ontario region
As a Senior Risk Consultant, with our Mid-Market & Aviva Business division you will support the Aviva Risk Management Solutions (ARMS) team and associated property and casualty underwriting community by conducting surveys and completing associated risk engineering reports. Complete a wide range ...
Technical Consultant, Risk Control
Provides expert technical support to other risk control employees by advising them about resources available, legislation and applicable regulations, technology, industry trends and effective methods to reduce risk, improve customer satisfaction and demonstrate the value of doing business with Liber...
Risk Management Consultant
Our government client is requesting a Risk Management Consultant to support physical Threat and Risk Assessments (TRA) of locations across Canada. Must have 10 years experience conducting physical Threat and Risk Assessments within the federal government. ...
Consultant, Risk Advisory Services
The Risk Advisory team endeavors to identify the most significant issues facing the world today with the objective of helping our clients understand what these risks are and how these risks could impact their business and/or operations. Consultant, Risk Advisory Services. Identifying business and pr...
Consultant - Climate Risk
The Climate Risk Consultant will be aligned with Anthesis’ Climate Risk and Resiliency team and engage with team members on all aspects of climate risk projects from stakeholder engagement to scenario analysis to reporting. The Consultant will support clients in their climate risk journey, developin...
Senior Consultant, Emerging Technology - Risk Advisory
Our Cyber Risk Services help organizations with the management of information and technology risks by delivering end-to-end solutions, using proven methodologies and tools in a consistent manner. Infrastructure, Governance and Application Security are critical parts of Deloitte's Cyber Risk Services...
Senior Consultant, ServiceNow IRM, Risk Advisory
Deloitte's Risk Advisory practice advises organizations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations. Our Risk Advisory business is expanding as we increasingly are asked to help organizations adapt and resp...
Senior Consultant, Servicenow Irm, Risk Advisory
Deloitte's Risk Advisory practice advises organizations on how to effectively mitigate risk and make informed and intelligent risk decisions around business processes, technology and operations. Our Risk Advisory business is expanding as we increasingly are asked to help organizations adapt and resp...