Risk Advisory Cyber Senior Associate

Job Description

The IA/Cyber practice is part of our Risk & Accounting Advisory Services (RAAS) group serving our Audit, Tax and Transaction Advisory practice areas across the firm to provide IT Audit, consulting, and compliance services in the areas of:

• SOC 1/2/3 and other attestation engagements
• NIST Cybersecurity Framework, NIST 800-115, NIST 800-171, NIST 800-53 (CMMC, FISMA, FedRAMP)
• ISO 27001/27002, PCI, HIPAA/HITRUST, FFIEC
• Cybersecurity Risk and Gap Assessments

What your days look like:

Senior Associates support the performance of technology, cybersecurity, privacy and general control audit/advisory engagements, in addition to various cybersecurity assessments. Under supervision of the RAAS Partner and leadership teams, the Senior Associate will help identify control weaknesses, design or operating effectiveness gaps, vulnerabilities, audit exceptions and inefficiencies that ultimate result in appropriate recommendations to management. Skillsets desired include the ability to:

• Support the development of strong work papers conforming to the firm’s methodology/standards and participation in report drafting for client service delivery
• Identify and communicate results to leadership
• Ensure project quality control and oversight supervision of client engagements, including assisting with adequate planning and execution
• Maintain a strong client focus by understanding the client’s business needs in order to accomplish audit objectives
• Multi-task while still maintaining appropriate attention to detail

What you need for this role:

• Bachelor’s Degree, preferably in Information Security, Information Systems, Computer Science, Cybersecurity or Accounting
• Minimum 2+ years of demonstrated third-party security assessment / IT audit experience consistent with relevant cyber frameworks
• Understanding of technology risk management and IT governance principles and familiarity with cybersecurity solution offerings used to meet business and technical objectives
• Willingness to pursue relevant professional designations (ex. CPA, CISA, CISM, CISSP or CEH)
• Working knowledge of Microsoft, Linux & OSX operating systems
• Familiarity with cloud environments and technologies
• Experience with IDAM, Active Directory/LDAP and other authentication technologies
• Strong English verbal and written communication skills