Cybersecurity Risk & Controls Associate
Posted Yesterday
Job Description
In our Cybersecurity and AI Security Assurance practice, we secure the world's largest organizations against tomorrow's most complex threats. We are a high-performing, tight-knit team working on a truly global scale, and we are looking for experienced, fiercely curious leaders ready to step to the front of the room. Here, you won't be executing in the background. You will own engagements, lead client relationships, and advise C-suite executives, VPs, and global business leaders on the most complex cybersecurity and AI security challenges they face. We don't just react to the market, we anticipate it. We operate at the absolute forefront of emerging tech, proactively exploring new opportunities, driving continuous learning, and defining what's next in groundbreaking domains like AI Security. As a Cybersecurity Controls Senior Associate, you will lead high-impact engagements across some of Canada's most complex organizations spanning financial services, critical infrastructure, energy, government, and technology. You'll combine deep technical expertise with proven leadership and consulting capabilities, mentoring Associates, managing client relationships with independence, and contributing directly to the strategic growth of our practice. If you are ready to lead, ready to build, and ready to make a massive impact on a global stage, this is where you belong.
The Opportunity:
As a Senior Associate, unlock your potential and embrace the chance to drive meaningful outcomes that'll elevate your career. Your role will include, but isn't limited to:
• Lead cybersecurity assurance engagements: Own the day-to-day delivery of cybersecurity assessments, security architecture reviews, and control gap analyses against leading cybersecurity frameworks such as NIST CSF, NIST 800-53, ISO 27001 and more. Develop technically strong findings and remediation roadmaps tied clearly to business impact and regulatory exposure, and present conclusions to senior client stakeholders with confidence and clarity.
• Drive AI security engagements: Lead both technical security reviews and governance assessments of AI implementations and deployments. Conduct hands-on testing of AI/ML systems including overall AI architecture reviews, prompt injection testing, input/output validation, API security review, data pipeline integrity, and infrastructure hardening for AI workloads. Apply NIST AI RMF, ISO 42001, OWASP Top 10 for LLMs, MITRE ATLAS, and Canada's regulatory frameworks (AIDA, OSFI E-23) to help clients govern AI responsibly and securely. Develop AI-specific control frameworks and board-level risk reporting for organizations deploying GenAI at scale.
• Hands-on cloud security experience: ability to assess cloud security architecture, misconfiguration risk, identity controls, data protection, and compliance posture across AWS, Azure, or GCP. Experience with cloud-native security services, IaC security review, container security, and CSPM tooling is strongly preferred.
• Hands-on IAM security experience: ability to assess identity and access management programs including role-based access control, privileged access management (PAM), federation and SSO, and zero trust network access (ZTNA). Experience identifying entitlement risks, toxic access combinations, and least-privilege gaps in enterprise environments is a strong asset. Familiarity with IAM controls specific to AI environments, including service account governance, model access controls, API key management, and least-privilege enforcement for AI workloads and data pipelines, is a differentiator.
• Hands-on data security experience: ability to assess and advise on data classification, data loss prevention (DLP), encryption controls, data residency requirements, and secure data lifecycle management. Experience with privacy-enhancing technologies, data access governance, and regulatory compliance programs (PIPEDA, GDPR, provincial privacy legislation) is strongly preferred. Familiarity with data security controls in AI and cloud environments, including training data protection, sensitive data handling in ML pipelines, and data minimization practices for GenAI systems, is a strong asset.
• Lead cybersecurity strategy development: Design and deliver strategy engagements including security operating model design, zero trust architecture roadmaps, cyber risk quantification programs, board-level risk reporting frameworks, and third-party risk programs. Translate strategic recommendations into implementation-ready plans with clear ownership, timelines, and success metrics.
• Execute and oversee threat and vulnerability programs: Lead vulnerability assessments, threat modelling exercises (STRIDE, PASTA, MITRE ATT&CK), penetration test scoping and management, and attack surface analyses. Translate technical outputs into business-language risk narratives and prioritized remediation roadmaps calibrated to client sector and risk appetite.
• Own client relationships and stakeholder management: Serve as the day-to-day point of contact for client stakeholders. Facilitate executive workshops, manage project governance and scope, and navigate difficult conversations with confidence and professionalism. Build enduring client relationships that generate trust, repeat business, and expanded mandates, and proactively look for opportunities to deepen PwC's presence within each account while contributing to a positive and collaborative team culture throughout.
• Mentor and develop team members: Take active responsibility for the growth of Associates on your engagements. Review deliverables for quality, provide direct and constructive feedback, and coach on both technical and consulting skills to create an environment where junior team members are stretched, supported, and set up to succeed.
• Optimize with automation and AI: Champion the use of AI tools, scripting, and automation within engagements to accelerate evidence collection, control mapping, continuous monitoring, and reporting. Develop reusable templates and accelerators that improve team efficiency and ensure consistent, high-quality delivery across engagements.
• Contribute to practice growth and business development: Identify scope expansion opportunities within active client accounts and contribute to proposals, RFP responses, and pitch presentations with a clear point of view on solution approach and differentiation. Develop reusable methodologies and engagement accelerators that sharpen PwC's competitive edge in the market.
• Stay ahead of the curve: Monitor and synthesize emerging threat intelligence, regulatory developments (OSFI B-13, PIPEDA, NIST, EU AI Act), and AI security innovations. Bring fresh, relevant insight to every client conversation, share findings across the team, and continuously sharpen PwC's methodologies and service offerings.
• Deliver high performance: Demonstrate clear vision, open communication, collaboration, and accountability to deliver exceptional quality to clients and a rewarding experience for peers. Actively contribute to PwC's culture of inclusion, continuous learning, and professional excellence.
What You'll Bring:
Your skills, knowledge, and experiences are what set you apart. Here's what we look for:
• Progressive, hands-on experience in cybersecurity consulting, cyber assurance, IT risk, or technology audit, with a demonstrated track record of leading engagements and managing client relationships, gained at a Big 4 firm, leading cybersecurity consultancy, or in a senior in-house cybersecurity role.
• Proven ability to independently lead client-facing engagements end-to-end: scoping, planning, execution, quality review, and final presentation across complex, multi-stakeholder environments.
• Deep understanding and hands-on experience in at least three of the following cybersecurity domains:
• Cybersecurity Strategy & Operating Model Design
• Cyber Risk Management & Quantification (FAIR methodology preferred)
• Cloud Security Architecture & Assurance (AWS, Azure, GCP)
• AI Security, AI Governance & Responsible AI
• Identity & Access Management / Privileged Access / Zero Trust
• Threat Intelligence, Threat Modelling & Red Team Oversight
• Vulnerability Management & Penetration Testing Program Management
• OT/ICS & Critical Infrastructure Security
• Third-Party & Supply Chain Risk Management (TPRM)
• Data Security, Privacy & Regulatory Compliance
• Security Governance, Risk & Compliance (GRC) Program Management
• Expert-level command of cybersecurity and AI security frameworks: NIST CSF, NIST 800-53, ISO 27001, ISO 42001, NIST AI RMF, SOC 1/2, CIS Controls v8, COBIT 2019, PCI DSS v4.0, MITRE ATT&CK, Zero Trust architecture principles, and Canada-specific regulatory frameworks (OSFI B-13, PIPEDA, AIDA).
• Cybersecurity & Risk Credentials: Audit & Assurance (ISACA CISA, CRISC, or CISM - one strongly preferred at this level); Security Management (ISC2 CISSP or CCSP); Cloud Security (AWS Security Specialty, Microsoft SC-100/AZ-500, Google PCSE); AI Security & Governance (ISACA CAIA, ISACA AAISM, ISO 42001 Lead Implementer/Auditor); Offensive Security (OSCP, GIAC GPEN, GWAPT, CEH); Privacy (IAPP CIPP/C, CIPM).
• Substantive AI security expertise: deep familiarity with LLM vulnerabilities (OWASP LLM Top 10), adversarial machine learning, AI model governance, and GenAI risk management. You have led or played a significant role in at least one AI security or AI governance engagement.
• Demonstrated ability to present complex findings and strategic recommendations to C-suite executives, board members, and regulatory audiences in writing and in person, with the polish and authority those audiences expect from a trusted advisor.
• Strong project management discipline: ability to manage multiple concurrent workstreams, track milestones, manage scope, escalate risks proactively, and consistently deliver on time and within budget.
• Experience mentoring and developing junior professionals, with concrete examples of how you have improved someone else's technical knowledge, consulting craft, or client delivery capabilities.
• Hands-on experience with security tools across multiple categories: SIEM platforms (Splunk, Microsoft Sentinel), vulnerability scanners (Tenable, Qualys), EDR/XDR solutions, GRC platforms, or CSPM tools (Wiz, Prisma Cloud, Defender for Cloud).
• PwC Canada is committed to cultivating an inclusive, hybrid work environment. Exact expectations for your team can be discussed with your interviewer.
This newly created role reflects our commitment to growth and delivering distinctive value for our clients and stakeholders.
The salary range for this position is $65,600 - $109,300. The posted salary range represents the expected hiring range for PwC locations in major city centres. Given our national recruiting approach, ranges may vary for positions in other locations. At PwC Canada, base salary is determined by your skills, experience, qualifications and work location. In addition to base salary, eligible employees may have opportunities to participate in variable incentive pay programs which are designed to reward individual and firm-wide achievements. We are committed to offering competitive compensation and adhere to all relevant pay transparency legislation. During the hiring process, our Talent Acquisition team will provide details about our comprehensive total rewards package.
Why you'll love PwC
We're inspiring and empowering our people to change the world. Powered by the latest technology, you'll be a part of diverse teams helping public and private clients build trust and deliver sustained outcomes. This meaningful work, and our continuous development environment, will take your career to the next level. We reward your impact, and support your wellbeing, through a competitive compensation package, inclusive benefits and flexibility programs that will help you thrive in work and life. Learn more about our Application Process and Total Rewards Package at: https://jobs-ca.pwc.com/ca/en/life-at-pwc
PwC Canada acknowledges that we work and live across Turtle Island, on the land that is now known as Canada, which are the lands of the ancestral, treaty and unceded territories of the First Nations, Métis and Inuit Peoples. We recognize the systemic racism, colonialism and oppression that Indigenous Peoples have experienced and still go through, and we commit to allyship and solidarity.
We're committed to providing accommodation throughout the application, interview, and employment process. If you require accommodation to be at your best, please let us know during the application process.
The use of artificial intelligence (AI) in recruiting is just getting started, so we know you have questions about how and why we use it. At certain points during our recruiting process, we rely on AI to improve your experience. This could be during resume review or curating personalized job recommendations, asking you clarifying questions via a chatbot or during our interview scheduling to improve your experience. Our use of AI helps ensure we combat bias by evaluating candidates equally and fairly, without seeing identity information (such as your name or gender, for example). AI also helps us better predict successful hires by reviewing all applicants for a role and the relationship between your skills, experience and likely success at PwC Canada. While AI supports parts of our recruitment process, final hiring decisions always involve human review. For more information about our use and protection of your data, please refer to our Privacy Policy (https://www.pwc.com/ca/en/privacy-policy.html).
About PwC
Industry
Management and Consulting
Company Size
5001-10,000 employees
Application closing date is 2026-05-16