Job Title

YOUR ROLE. Responsibilities include but not limited to: Assess technology, cybersecurity, and privacy risks within client environments and the related controls and provide practical remediation plansConclude on the business impact to the organization as it relates to identified cybersecurity, technology, and/or privacy risksManage multiple engagements while maintaining company quality standardsWork with clients in a broad array of industries including information technology, financial services, retail & consumer products, pharmaceuticals, electronics, manufacturing, media, and government contracting etc.Understand clients’ organizations and provide value-added solutions and best practicesProactively manage client issues and expectations. Understand and appreciate the firm’s model of balancing client needs with profitabilityReview and evaluate client IT environment including IT systems, processes, and controls to ensure compliance with prevailing regulatory laws and requirementsWork with clients to test for compliance with various prevailing regulatory laws, requirements, and standards including but not limited to Sarbanes-Oxley Act of 2002, NYDFS, GDPR, CCPA, PCI DSS, ISO 27001, HIPAA, CMMC, etc.Ensure engagement reporting observations and recommendations are based on a complete understanding of the process, circumstances, and riskPrepare formal written reports providing recommendations for management to strengthen and improve operations in addition to identifying cost or efficiency savingsIdentify areas for risk transformation and automation to assist clients with reducing the cost of complianceAct as a professional mentor and coach to junior team members, participating in the performance management cycleParticipate in business development activities such as professional networking, proposal development, etc.YOUR EXPERIENCE. The successful candidate will have: A minimum of seven (7) years of experience with the following:Working knowledge of Cloud Security Framework, General Data Protection Requirement (GDPR), COBIT 5, PCI DSS, ISO 27001/2, HIPAA, California Consumer Protection Act (CCPA), NIST 800-171/800-53/NIST 800-37 requiredBackground and understanding of the risks and controls in technologies such as web, cloud, client/server, open systems architecture, data warehousing, and imagingProficient understanding of Cloud security, Identity and Access Management, ERP, Operating Systems,Databases, and Network Infrastructure componentsKnowledge of risks and controls in emerging technologies based on Blockchain, Internet of Things (IoT), and Artificial Intelligence is a plusExperience managing simple and complex information technology internal auditsExperience managing team of various sizes across geographical boundariesExceptional oral and written communication skillsDemonstrated ability to manage client engagements and supervise staffBachelor’s Degree required, Master’s Degree preferredCISA, CISSP, CCSK, CIPP, or CRISC required