Senior Consultant- Digital Risks

• Lead and manage cyber assurance projects including IT audits, risk assessments, ISO 27001 readiness, SOC 2, NIST, PCI-DSS, and other compliance frameworks.

• Design, assess, and implement cybersecurity controls in line with regulatory requirements and industry best practices.

• Perform cybersecurity maturity assessments and develop tailored improvement roadmaps.

• Guide clients through internal and external audit processes, including preparation, audits, testing, and remediation planning.

• Identify control gaps and recommend practical, risk-based solutions aligned with business objectives.

• Produce high-quality deliverables, such as risk reports, gap assessments, audit reports, and executive summaries.

• Build strong client relationships, acting as a trusted advisor on cybersecurity and risk issues.

• Support business development efforts, including proposals, presentations, and thought leadership.

• Mentor and supervise junior consultants, promoting a culture of knowledge sharing and continuous learning.

• Identify opportunities for additional services during engagements and contribute to proposal writing and client presentations.

• Assist in developing new service offerings, market insights, and go-to-market strategies for the cyber assurance practice.

• Participate in industry events, webinars, or networking opportunities to represent the firm's cyber capabilities.

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).

• 5+ years of experience in cybersecurity, risk management, or IT auditing

• Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.

• Hands-on experience with tools and platforms used for cyber risk assessments, vulnerability scanning, and audit processes

• Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.

• Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.

• A deep understanding of governance, standards, and compliance as they pertain to cyber security.

• Ability to analyze complex security data and translate findings into industry specific recommendations.

• Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor or other relevant security or risk management certifications.

• Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.

• Project management skills to manage multiple assessments, stakeholders, and deadlines effectively.

• Strong communication skills, both written and verbal, with the ability to present complex technical information to non-technical audiences.

• Knowledge of cloud security, supply chain security, secure software development, encryption standards, security tools, and emerging threats related to third-party relationships.

Control Risks