RSM’s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services focused on middle market businesses. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business environment.
In order to address the most critical needs of our clients, RSM Canada established the Security and Privacy Risk Consulting group, comprised of cybersecurity professionals dedicated exclusively to cyber security and information protection. This group includes experienced consultants dedicated to helping clients with preventing, detecting, and responding to security threats that may affect their critical systems and achieving regulatory compliance related to the handling, processing, and protection of sensitive information. We serve a diverse client base within a variety of industries, and we are relied upon to provide expertise within areas of information security risk management, security testing, enterprise architecture, governance, regulatory privacy compliance, and digital forensics.
We are looking for a Sr. Associate, Cyber Strategy, Risk and Compliance for our Security, Privacy & Risk practice! You will be responsible for assisting with building delivery capabilities, innovating service offerings and executing engagement delivery within risk consulting. You will continue the firm’s mission to build and lead a world-class consulting practice that will offer RSM Canada’s clients solutions for their needs in IT security risk, data privacy risk management, technology vulnerabilities, incident and data breach response, security architecture, and compliance with regulations and standards.
Responsibilities
- Execute and deliver project tasks for complex technology environments
- Present and communicate project status and risk-based observations and proposed solutions to clients’ leadership teams
- Identify business opportunities within current engagements to expand the scope of services rendered
- Develop leading practice points of view on relevant cyber security-related topics for internal marketing and external organizational branding
- Communicate complex technical issues to client senior management through the ability to transform such data into non-technical and executive style reports and presentations
- Leverage industry and technical expertise to identify improvement opportunities for assigned clients and assist with the development of remediation services for identified findings
- Identify technological and operational risk mitigation opportunities
- Deliver high-quality solutions in accordance with professional and industry standards
- Develop and maintain relationships with stakeholders
- Advise area leadership on the development and execution of the Security & Privacy Risk service line growth program
Basic Qualifications
- 2-5 years of related work experience in IT risk, cybersecurity or data privacy consulting
- Ability to communicate to clients regarding the strategic and tactical risks of advanced security threats, enterprise security management practices and innovative solutions to help mitigate information security risk factors
- Ability to be market-facing to identify and potentially pursue new client prospects
- Experience in and knowledge of delivering data protection, breach management and regulatory privacy assessments
- Experience in and knowledge of delivering information security reviews and maturity assessments based on various frameworks and standards such as NIST CSF, ISO 27001/27002, and CIS Security Controls
- Proven ability to effectively collaborate
- Excellent writing and presentation skills
- Creative thinking ability combined with individual initiative and flexibility in prioritizing and completing tasks
- Desire and willingness to keep up with the security and privacy industry, following the industry’s advancements, challenges, and discoveries
- Willingness to travel up to 10%
Preferred Qualifications
- Bachelor’s degree in Information Security, Computer Science, Information Systems Management, or related discipline
- Any of the following certifications:
  - Certified Information Systems Security Professional® (CISSP®)
  - Certified Information Systems Auditor® (CISA®)
  - Certified Information Security Manager® (CISM®)
  - Certified Information Privacy Professional (CIPP)
  - Certified Ethical Hacker (CEH)
  - GIAC certifications
  - Equivalent security certifications
- Strong technical knowledge in any of the following:
  - IT security governance and risk
  - Security architecture
  - Deployment of security appliances such as DLP, SIEM, IDS/IPS
- In-depth knowledge of the security and privacy provisions of a variety of regulations and standards such as NIST CSF, PCI, NERC/CIP, SOX, Canadian and EU Privacy Laws, ISO, and NIST 800 series
- Experience working in a virtual environment, completing projects with team members based in various locations, domestically and globally