Senior Advisor, Business Advisory & Consulting (CISSP, CISM, CCSP) to support business and technology teams with new and existing initiatives by embedding

Toronto, ON
  • Number of positions available : 1

  • To be discussed
  • Permanent job

  • Starting date : 1 position to fill as soon as possible

Senior Advisor, Business Advisory & Consulting (CISSP, CISM, CCSP) to support business and technology teams with new and existing initiatives by embedding security, regulatory, and risk considerations for our payments client

Type: Permanent/FTE

Location: Toronto (West-end) - Hybrid, 3x/week

Responsibilities:

  • Act as a trusted advisor to project teams and business stakeholders.
  • Provide pragmatic and risk-based guidance to enable secure business outcomes.
  • Translate policies, standards, and regulatory obligations (e.g., PCI DSS, NIST CSF, ISO 27001) into actionable requirements.
  • Lead and deliver complex threat risk assessments (TRAs) and solution, system, and architecture security reviews.
  • Identify systemic risks, present findings to stakeholders, and recommend risk treatment options.
  • Influence risk acceptance or mitigation decisions at the project and portfolio level.
  • Conduct advanced assessments of multi-cloud architectures and services.
  • Guide DevOps and engineering teams on embedding security controls into CI/CD pipelines.
  • Promote secure design and coding practices aligned with OWASP and industry best practices.
  • Lead in-depth application and API security reviews for high-risk and business-critical systems.
  • Recommend mitigation strategies to reduce vulnerabilities and ensure compliance with regulatory standards.
  • Ensure security advisory activities map to the client's security policies, standards, and regulatory frameworks.
  • Contribute to audit readiness by producing clear, evidence-based deliverables.
  • Mentorship & Knowledge Sharing: Provide guidance and knowledge transfer to more junior Advisors.

Must Haves:

  • Bachelor’s degree in Information Security, Computer Science, or related field.
  • Master’s degree in Cybersecurity, Information Assurance, or MBA with security focus.
  • Advanced certifications strongly preferred: CISSP, CISM, CCSP, or specialized GIAC certifications (e.g., GWAPT, GWEB, GCSA).
  • Additional relevant vendor/cloud certs (AWS/Azure security specialties).
  • 5-7 years of information security/advisory experience.
  • Proven expertise in threat risk assessments, cloud security, and application security.
  • Strong communication skills with ability to influence business and technical stakeholders.
  • Demonstrated mentorship of junior advisors.


Disclaimer:
AI may be used in evaluating candidates.
This posting is for an existing vacancy.