IT Risk Consultant, Cloud/SaaS Adoption

About Infinitive

Infinitive is a data & AI consultancy that enables global brands to deliver results through insights, innovation, and efficiency. We possess deep industry and technology expertise to drive and sustain adoption of new capabilities. We match our people and personalities to our clients' culture while bringing the right mix of talent and skills to enable high return on investment.

Infinitive has been named “Best Small Firms to Work For” by Consulting Magazine eight times, and has also been named a Washington Post Top Workplace, Washington Business Journal Best Places to Work, and Virginia Business Best Places to Work.

About the Role

We are seeking a Cloud / SaaS Service Adoption Risk Consultant to support clients in evaluating the security, compliance, operational, and business risks associated with onboarding and scaling new cloud and SaaS services. In this role, you will assess vendor capabilities, review service and architecture designs, recommend governance controls, and guide organizations through risk-informed adoption decisions that balance innovation with regulatory, security, and operational guardrails.

You will work closely with cyber security, procurement, legal, risk management, architecture, and product teams to shape standards, streamline review processes, and ensure rapid—but safe—enablement of new SaaS and cloud capabilities.

Key Responsibilities

Risk Assessment & Advisory

• Conduct end-to-end assessments of new SaaS and cloud vendors, including security posture, compliance certifications, architecture, data flows, SLAs, and operational reliability.

• Evaluate vendor SOC 1/SOC 2 reports, penetration testing summaries, data privacy practices, and business continuity/disaster recovery controls.

• Recommend remediation actions, compensating controls, or risk acceptance decisions.

Governance & Policy Alignment

• Develop or refine cloud/SaaS adoption frameworks, intake workflows, risk scoring models, and tiering methodologies.

• Ensure adoption decisions align with enterprise policies (e.g., authentication standards, encryption requirements, data retention, vendor onboarding).

• Partner with enterprise architecture to confirm alignment with security patterns and integration standards.

Stakeholder Engagement

• Facilitate risk review meetings across InfoSec, Legal, Procurement, Privacy, Architecture, and business stakeholders.

• Translate technical and compliance findings into clear business impact and decision options.

• Present recommendations to leadership and risk committees as needed.

Enablement & Process Improvement

• Create playbooks, intake checklists, vendor assessment templates, and decision dashboards.

• Identify opportunities to streamline review timelines and improve cross-team collaboration.

• Track adoption outcomes, continuous monitoring results, and vendor performance over time.

Required Qualifications

• 3+ years in one or more areas: cloud security, third-party risk, SaaS vendor evaluations, cybersecurity consulting, or enterprise technology risk management.

• Experience reviewing vendor security documentation (SOC reports, CAIQ/CSA, ISO 27001, FedRAMP packages, etc.).

• Familiarity with cloud concepts including identity and access management, data residency, integrations, audit logging, and API-driven workflows.

• Strong communication and stakeholder facilitation skills—able to synthesize and present risk recommendations clearly.

• Ability to manage multiple vendor/service assessments in parallel.

Preferred Qualifications

• Experience working within regulated industries (financial services, healthcare, public sector, etc.).

• Understanding of frameworks such as NIST CSF, ISO 27001, SOC, CSA CCM/STAR.

• Certifications such as CISA, CCSK/CCSP, Security+, CISM, CRISC, AWS/Azure/GCP Foundations, or Prosci Change Management.

• Prior consulting or cross-functional advisory experience.