Risk Consulting Associate - Cyber Compliance

Candidates should possess a range of skills, including performing and overseeing cybersecurity governance assessments (e.g., NIST CSF, ISO, FedRAMP, FISMA, CMMC, MARS-E), vulnerability assessments, penetration testing, and incident response. Additionally, experience in managing teams that deliver technical deployments of SIEM, DLP, and Identity Management solutions is highly desirable.

• Lead the delivery and management of various cybersecurity engagements and team members, ensuring high-quality work products that meet client expectations.
• Communicate effectively with client management and project leaders to build strong client relationships.
• Cultivate deep client relationships to exceed satisfaction levels.
• Participate in the delivery of cybersecurity governance and compliance assessments against various regulatory and industry standards, including FISMA, FedRAMP, CMMC, MARS-E, NYDFS, HIPAA/HITECH, and NERC/CIP.
• Assist clients in designing and implementing cybersecurity remediation strategies to enhance the overall maturity of their cybersecurity programs by identifying suitable technologies, policies, and organizational structures.
• Identify and clearly articulate findings to senior management and clients, both in writing and verbally.
• Help pinpoint improvement opportunities for assigned clients.

• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field from an accredited college or university.
• 3+ years of relevant experience in cybersecurity governance and compliance consulting, or equivalent academic experience with an advanced degree.
• Certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified CMMC Professional (CCP), and Certified CMMC Assessor (CCA).
• Willingness to travel up to 30% to client sites to support various engagements.
• Technical expertise and the ability to discuss topics in one or more of the following areas: network and IT infrastructure, application and database design, IT governance and risk management, third-party management, incident response, and knowledge of standard network and IT security components.
• Familiarity with key cybersecurity compliance standards and regulations, including but not limited to ISO, FedRAMP, CMMC, NIST CSF, and GLBA, etc.
• Strong interpersonal skills with a proven track record in a professional services firm, large consultancy, or similar environment.
• Demonstrated ability to collaborate effectively, especially with cross-functional teams.