Senior Consultant, SOC 2 Assessment

What You'll Do

• Lead audits/assessments including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.
• Maintain strong depth of knowledge in one or more cybersecurity frameworks.
• Prepare, review and approve assessment reports.
• Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets.
• Ensure quality products and services are delivered on time.
• Escalate client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue
• Provide mentorship to team members in areas of audit, assessment, technical review and writing.
• Interface with clients through entire engagement, interacting with all levels of client organizations
• Establish and maintain positive collaborative relationships with clients and stakeholders
• Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
• Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
• Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales.
• Draft audit programs that sufficiently address both the required objectives of the regulatory body and the complexity of the client environment
• Lead interview and inquiry walkthroughs with clients to determine the conformity of environments against stated requirements
• Assess security vulnerabilities against the appropriate security frameworks
• Pursue and corroborates conclusions derived from inquiry procedures with client while ensuring diligent interview notes are captured
• Offline and remote evidence inspection of client provided documentation; appropriately mark artifacts requiring follow-up or additional clarification
• Educate and interpret compliance activities for clients
• Understand how to apply quality standards and adheres to a minimum benchmark for quality assurance throughout the documentation of each work product or deliverable
• Provide advice to customers on issues affecting the scope of work in a manner that provides additional value
• Develop documentation and author recommendations associate with your findings on how to improve the customer’s security posture in accordance with appropriate controls
• Up to 20% Travel

What You'll Bring

• Bachelor’s degree (four-year college or university) or equivalent combination of education and work experience. Degree preferably in Information Systems, CIS, MIS or IT
• 3-5 years of experience in security frameworks and regulatory requirements (such as SOC 2, ISO, NIST, COBIT, HIPAA/HITECH, HITRUST or PCI).
• The ability to evaluate the design and effectiveness of technology controls throughout the business cycle.
• Demonstrated ability to structure and lead projects successfully
• Strong written and verbal communication skills, with the ability to communicate succinctly and instill confidence with internal stakeholders and external customers.
• Excellent Consulting skills: ability to advise and challenge the status quo while building strong relationships
• Ability to build high-trust relationships, rapport and credibility quickly
• Strong personal initiative to appropriately manage time, and manage time of others, to meet deadlines
• Ability to shift focus frequently while maintaining excellent quality
• Skill and will to train and mentor junior staff
• Computer and typing skills that permit rapid data collection and note taking
• Ability to facilitate meetings to small or large groups
• Public speaking and executive presence that solicits attention
• Inquisitive and curious nature with the ability to effectively probe for deeper information
• Diplomatic and broad minded
• Strong technical researcher

Bonus Points

• Any relavent CSP certifications (AWS solutions architect, etc.)
• Any of the following information security certifications (CISSP, CISM, Certified ISO 27001 Lead Implementer) or one audit certification (CISA, GSNA, Certified ISO 27001 Lead Auditor/Internal Auditor, IRCA ISMS Auditor or higher, CIA)
• Experience working with technologies hosted via cloud computing environments (e.g., Amazon Web Services, Microsoft Azure, Google Cloud Platform)