Apply on Kit Job: kitjob.ca/job/2fs5pw

* Lead and deliver cloud security assessments, architecture reviews, and implementation engagements across Azure, AWS, and GCP.* Design and implement Zero Trust–aligned security architectures covering identity, device, application, data, and infrastructure layers.* Advise clients on data protection and information governance, including classification, labeling, encryption, retention, and eDiscovery considerations.* Implement and optimize identity and access management capabilities, including Entra ID, Conditional Access, MFA, Privileged Identity Management (PIM), and workload identities.* Design and implement cloud-native security controls across: + Cloud posture management (CSPM) + Workload protection (CWPP) + Logging, monitoring, and threat detection* Support secure adoption of AI and GenAI workloads, including data exposure risk, identity boundaries, and model access controls.* Translate security risks into clear, business focused recommendations for both technical and executive audiences.* Contribute to proposals, statements of work, and client roadmaps, including effort estimation and solution shaping.* Identify and implement automation opportunities using infrastructure-as-code and security tooling.* Mentor junior consultants and contribute to internal standards, frameworks, and reusable assets.* Work with multiple cloud service providers including Amazon Web Services, Microsoft Azure and Google Cloud Platform, and various security vendors to understand their solution offerings and advise clients on appropriate technologies and architectures, based on their needs. * You demonstrate BDO's core values through all aspects of your work: Integrity, Respect and Collaboration.* You understand your client’s industry, challenges, and opportunities; clients describe you aspositive, skilled, and delivering high-quality work.* You identify, recommend,



and are focused on effective service delivery to your clients.* You share in an inclusive and engaging work environment that develops, retains & attracts talent.* You actively participate in the adoption of digital tools and strategies to drive an innovative workplace.* You grow your expertise through learning and professional development.The expected range of compensation for this role is $84,000 - $128,000 annually.**Your experience and education** * 3 to 5 years of relevant work experience in cloud security, including identity and access management, logging and monitoring, data security and cloud reference architecture* College Diploma or University Degree in Cyber Security, Information Security, or Computer Science* Advanced certification in one or more cloud service platforms* Hands-on experience in cloud security, cybersecurity consulting, or security engineering.* Strong understanding of cloud security domains including identity, data protection, logging, monitoring, and architecture.* Experience conducting security assessments and translating findings into actionable recommendations.* Familiarity with industry frameworks and standards such as:* NIST (CSF, SP 800-53, Cloud Reference Architecture)



+ CIS Critical Security Controls + Cloud Security Alliance CCM + OWASP Top 10* Ability to clearly communicate complex technical concepts to diverse audiences.* Experience working in consulting or client-facing delivery roles.* Successful candidates will have experience or strong exposure to several of the following areas:* Cloud & Platform Security + Microsoft Azure, AWS, and/or Google Cloud security services + Secure landing zones and cloud reference architectures + Infrastructure-as-Code (Bicep, Terraform, ARM, CloudFormation) + DevSecOps concepts, CI/CD pipeline security, and secrets management* Data Protection & Information Security + Microsoft Purview (Information Protection, DLP, eDiscovery, Insider Risk) + Data classification, labeling, and encryption strategies + Data Loss Prevention across cloud services and endpoints + Secure collaboration and third-party data sharing controls* Identity & Zero Trust + Microsoft Entra ID (formerly Azure AD) + Conditional Access, MFA, phishing-resistant authentication + Privileged Identity Management (PIM) and Just-in-Time access + Identity governance and lifecycle automation* AI & Emerging Technology Security + Securing Copilot, GenAI, and AI-enabled workloads + Data leakage risks in AI-assisted environments + Governance and access controls for AI services* Advanced certification in one or more cloud service platforms (one of more preferred): + Azure Security Engineer, SC-series certifications + AWS Security Specialty + CISSP, CCSP, CISMNous considérons qu'il est essentiel que nos gens puissent réaliser leur potentiel, nourrir leur passion et renforcer leur avantage concurrentiel.Qu'il s'agisse de notre vaste clientèle ou de notre bassin de talents en pleine croissance, nos gens sont au cœur des activités de BDO. Notre expérience talent primée continue de faire notre fierté. L’ouverture et la collaboration définissent notre culture. Nous favorisons l’inclusion et célébrons la diversité de tous nos collaborateurs. Nous prônons le respect de chacun, le maintien de l’intégrité et la possibilité d’être pleinement soi-même. #J-18808-Ljbffr

Apply on Kit Job: kitjob.ca/job/2fs5pw

📌 Azure Cloud Security Architect – Zero-Trust Leader (Toronto)
🏢 Affinity
📍 Toronto