Control Risks

Senior Consultant - Cyber Assurance

Control Risks, Washington, District of Columbia, US, 20022

Overview

We are seeking a highly skilled and motivated Senior Consultant to join our growing cybersecurity assurance team. In this role, you will lead and deliver high-impact cyber risk and assurance engagements, helping clients navigate regulatory requirements, manage information security risks, and enhance their cybersecurity posture.

Responsibilities

- Lead and manage cyber assurance projects including IT audits, risk assessments, ISO 27001 readiness, SOC 2, NIST, PCI-DSS, and other compliance frameworks.
- Design, assess, and implement cybersecurity controls in line with regulatory requirements and industry best practices.
- Perform cybersecurity maturity assessments and develop tailored improvement roadmaps.
- Guide clients through internal and external audit processes, including preparation, testing, and remediation planning.
- Identify control gaps and recommend practical, risk-based solutions aligned with business objectives.
- Produce high-quality deliverables, such as risk reports, gap assessments, audit reports, and executive summaries.
- Build strong client relationships, acting as a trusted advisor on cybersecurity and risk issues.
- Support business development efforts, including proposals, presentations, and thought leadership.
- Mentor and supervise junior consultants, promoting a culture of knowledge sharing and continuous learning.

Requirements

- Candidates must be legally authorized to work in the US on a permanent basis without sponsorship. Candidates must possess unrestricted US work authorization.
- This is a 50%+ travel role with potential to travel globally on 2-3 weeks' notice. It requires a valid passport and periodic applications for visas.
- Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).
- 5+ years of experience in cybersecurity, risk management, or IT auditing.
- Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, ISO 27001/27002, SOC 2, CIS, PCI-DSS, GDPR, HIPAA, HITRUST, etc.
- Hands-on experience with tools and platforms used for cyber risk assessments, vulnerability scanning, and audit processes.
- Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.
- Evidence of supporting clients across multiple sectors which may include Technology, Financial Services, and Retail.
- A deep understanding of governance, standards, and compliance as they pertain to cybersecurity.
- Ability to analyze complex security data and translate findings into industry-specific recommendations.
- Preferred: Certifications such as CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor, or other relevant security or risk management certifications.
- Preferred: Experience working in a global organization and managing risks across multiple jurisdictions.
- Preferred: Project management skills to manage multiple assessments, stakeholders, and deadlines.
- Preferred: Strong communication skills, both written and verbal, with the ability to present complex technical information to non-technical audiences.
- Preferred: Knowledge of cloud security, supply chain security, secure software development, encryption standards, security tools, and emerging threats related to third-party relationships.
- Preferred: Experience with Archer governance and compliance tools.

Compensation & Benefits

The base salary range for this position is $115,000-$125,000 per year. Exact compensation offered may vary depending on job-related knowledge, skills, and experience.

Location: This role may be based in NYC or Washington DC.

Benefits include medical, prescription, dental, vision, life and AD&D, disability, 401(k) retirement, and other voluntary benefits. Hybrid working arrangements and flexible remote options where possible.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. Reasonable adjustments available during the interview process upon request.

- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Engineering and Information Technology
- Industries: Business Consulting and Services
