Sr. IT Risk & Assurance Associate-SOC 2 Specialist
Boston, MA

Job Description

With over 100 offices and nearly 5,000 associates in major metropolitan areas and suburban cities throughout the U.S. CBIZ (NYSE: CBZ) delivers top-level financial and employee business services to organizations of all sizes, as well as individual clients, by providing national-caliber expertise combined with highly personalized service delivered at the local level. CBIZ has been honored to be recognized as one of the Best & Brightest Companies to Work for in the Nation for 2016. The Best and Brightest Companies to Work For® competition identifies and honors organizations that display a commitment to excellence in their human resource practices and employee enrichment based on categories such as communication, work-life balance, employee education, diversity, recognition, retention and more.

CBIZ and Mayer Hoffman McCann P.C. (MHM) are together ranked as one of the top providers of accounting in the United States. With more than 100 offices and more than 4,000 professionals, we serve the country's growing mid-market public and private businesses. MHM provides high quality audit and attest services while closely associated CBIZ provides all other accounting, tax and consulting services.

CBIZ & MHM New England (formerly CBIZ Tofias) is part of the 10th largest accounting*, tax, and advisory services provider in the nation. Our two New England offices are located in Boston and Providence and have over 200 people, including over 35 Managing Directors. We uniquely combine national resources with local decision-making by experienced, New England-based professionals who are dedicated to strengthening our clients' financial positions.

Position will be responsible for leading and executing IT risk and security engagements to assist clients in reducing overall business risk and improving the IT security and controls of the organization. We are seeking someone with SOC 2 skillsets and experiences. This person will be performing SOC 2 attestation engagements. They should also have experience in other SOC-related engagements (SOC 1, SOC 2 +, SOC for Cybersecurity, etc.). This individual will be managing and working on consulting engagements and Attestation engagements

Essential Functions and Primary Duties

* Managing engagements that assess the design and operating effectiveness of IT processes and procedures to meet client objectives including alignment with frameworks and compliance with laws and regulations
* Managing IT risk and security assessments to evaluate confidentiality, processing integrity, availability, security, and privacy concerns
* Advising management during consulting engagements, pre-assessments, and gap assessments
* Training and managing seniors and staff in critical IT security skills and methodologies
* Experience in providing middle market IT risk and security services in the following is required:
* Cybersecurity controls assessments (NIST, CIS 20, ISO 27001, COBIT, PCI DSS, HIPAA, etc.)
* Security governance & oversight
* Cybersecurity policies & procedures
* Employee security awareness training and execution
* Business continuity/disaster recovery
* Penetration testing
* Vulnerability assessments/testing
* Social engineering
* Cybersecurity strategy & plan development
* Cybersecurity policy development
* IT security controls improvement
* Virtual Chief Information Security Officer (vCISO)
* Evaluates and defines client requirements for IT risk & security projects
* Defines scope and estimates project costs and details
* Develops client relationships
* Attends industry meetings to market CBIZ services
* Presents technical papers and markets CBIZ capabilities
* Directs engagements by managing junior staff or contractors to meet project commitments

Minimum Qualifications Required

* 3 years of combined IT security & controls experience
* Bachelor's degree in Information Systems / IT Security or related discipline
* Demonstrated ability to document security and control issues, business impact, and management action plans
* Ability to take on a business development role in the firm
* Strong background in IT Security control assessments
* Knowledge of COBIT and COSO and Sarbanes Oxley legislation and impact, HIPAA, Safe Harbor Privacy Rules and other regulations
* Strong background in technical security systems and environments
* Demonstrated ability to plan and manage engagements along with ensuring deliverables meet work-plan specifications and deadlines
* CISA , CISSP, CISM, and IT Security-related certifications preferred
* 25-50% travel required (based on client location and engagement details)