Cyber/IT Assurance Manager - Cherry Bekaert - Henrico, VA

  • 12 Jun 2023 10:41 PM
    Message # 13214414
    James Walters (Administrator)

    Cyber/IT Assurance Manager - Cherry Bekaert - Richmond, VA

    Description: 

    Cherry Bekaert, ranked among the largest assurance, tax and advisory firms in the U.S., has a 75-year track record of providing value-added Accounting and Advisory services to our clients. Our shared values, including uncompromising integrity, a passion for excellence and mutual respect, have helped us get here. Due to sustained growth within our Information Assurance & Cyber Solutions practice, we are seeking a Manager to join our collaborative team.

    This role has the flexibility to sit in multiple offices throughout our footprint, or possibly remote for the right resource.

    As a Risk Advisory IT Assurance Manager, you will:

    Lead engagements providing IT Audit, readiness consulting, and compliance services in the areas of:

    • SOC 1/2/3 and other attestation engagements
    • NIST Cybersecurity Framework, NIST 800-115, NIST 800-171, NIST 800-53 (CMMC, FISMA, FedRAMP)
    • ISO 27001/27002, PCI, HIPAA/HITRUST, FFIEC

    Overseeing or assisting with cyber services in areas such as the following is considered a plus:

    • Cybersecurity Risk and Gap Assessments
    • Vulnerability Assessments
    • Attack & Penetration Studies
    • Incident Response
    • Cybersecurity Governance Risk & Compliance
    • AICPA Cybersecurity Risk Management Framework

    What your day(s) looks like:

    The Manager supports the performance of technology, cybersecurity, privacy and general control audit/advisory client service engagements. Under supervision of at least one Partner per engagement, the Manager will help identify control weaknesses, design or operating effectiveness gaps, vulnerabilities, audit exceptions and inefficiencies that ultimately result in appropriate recommendations to management. Skillsets desired include the ability to:

    • Develop and/or support strong work papers conforming to the firm’s methodology/standards and participation in report drafting for client service delivery
    • Identify and communicate results to leadership
    • Ensure project quality control and oversight supervision of client engagements from start to finish, including adequate planning, execution, and direction while managing to budget
    • Maintain a strong client focus by understanding the client’s business needs while developing productive working relationships with client personnel in order to accomplish audit objectives
    • Display strong project management skills, ability to multi-task and attention to detail
    • Support the growth and maturity of staff development
    • Effectively document technical reports and thought leadership

    What you bring to the role:

    • Bachelor’s Degree, preferably in Information Security, Information Systems, Computer Science, Cybersecurity or Accounting
    • 4+ years cybersecurity/IT Audit experience with at least 2 years working in a consulting firm environment
    • Current relevant certification in the area of Information System auditing and/or cybersecurity (CISA, CISM, CCSFP, CISSP, or other)
    • Experience performing and managing engagements and cybersecurity assessments against third party cybersecurity criteria (SOC, NIST, HIPAA, HITRUST, FFIEC, ISO, PCI, etc.)
    • Proficient with cloud environments and technologies
    • Familiar with cybersecurity solution offerings used to meet business and technical objectives
    • Experience with IDAM, Active Directory/LDAP and other authentication technologies
    • Travel required - approx. 25% pending prevailing public health guidelines

    Additional skillsets considered a plus include:

    • Proficient with technology risk management, cybersecurity governance principles, network & infrastructure cybersecurity best practices
    • Knowledge of vulnerability assessment and penetration testing technologies, as well as incident response, host and network forensic technologies
    • Working knowledge of desktop, mobile and endpoint operating systems, and networking technologies

    What we offer you:

    • Our shared values that foster inclusion and belonging including uncompromising integrity, collaboration, trust, and mutual respect.
    • The opportunity to innovate and do work that motivates and engages you.
    • A collaborative environment focused on enabling you to further your career growth and continuous professional development.
    • Competitive compensation and a total rewards package that focuses on all aspects of your wellbeing.
    • Flexibility to do impactful work and the time to enjoy your life outside of work.
    • Opportunities to connect and learn from professionals from different backgrounds and with different cultures.




