CFS Careers

CFGI is a global consulting firm founded in 2000 by former Big 4 professionals, establishing itself as an industry leader in navigating today's complex accounting, reporting, compliance, and tax landscape. With a strong presence in the US and UK, CFGI partners with organizations across industries to deliver best-in-class advisory services in accounting, risk, cyber security, technology, and business transformation. The firm combines technical expertise with a practical, hands-on approach, helping clients strengthen resilience, meet regulatory requirements, and stay ahead in an increasingly digital and risk-driven landscape. CFGI's unique client base ranges from global, market-leading publicly held companies to privately held, early-stage, and venture-backed emerging businesses. The firm leverages advanced technologies, including AI and automation, to drive efficiency and deliver high-quality insights. CFGI places a high value on a culture of continued learning, where teamwork is encouraged and professional excellence is rewarded through a flexible career progression model. Having opened its London office in 2022 as its first international location, CFGI continues to expand its global footprint while maintaining its commitment to integrity, flexibility, creative solutions, and deep technical expertise.

FirstEnergy Corp. operates as a Fortune 300 investor-owned electric utility serving 6 million customers across six states through 10 regulated distribution companies. The company employs 12,500 people focused on electric distribution operations, regulated utility operations, and customer service delivery. While the organization's core business centers on transmission and distribution infrastructure rather than explicit cybersecurity operations, its scale - managing electric distribution systems across multiple states - creates attack surface that requires defending critical infrastructure from grid disruption, industrial control system vulnerabilities, and operational technology threats. The company emphasizes workforce development through structured apprenticeship programs that offer paid employment from day one, student opportunities for early-career technical professionals, and military transition pathways for service members entering the energy sector. FirstEnergy positions itself around continuous learning and technical training, though specific technical domains related to information security, SCADA system protection, or grid cybersecurity are not detailed in available information. The organization describes its culture as forward-thinking and integrity-centered with a diverse workforce. As a regulated utility managing electric distribution infrastructure, FirstEnergy operates within a sector increasingly targeted by nation-state actors and ransomware groups seeking to disrupt critical infrastructure. The company's operational footprint - spanning six states with infrastructure serving millions of customers - represents both physical and digital systems that require coordination between operational technology security, regulatory compliance frameworks like NERC CIP, and traditional IT security operations. Leadership is headed by CEO Brian X. Tierney, with headquarters in the United States.

Mashreq, founded in 1967 as the UAE's oldest bank, operates a full-service banking business across seven countries including the UAE, Egypt, Pakistan, Qatar, India, Bahrain, and Kuwait. With over 2,400 employees, the bank serves millions of customers through retail, corporate, and digital banking channels. The institution is regulated by the Central Bank of the UAE and maintains both physical branch infrastructure and digital platforms across its markets. The bank's technical infrastructure spans digital banking platforms, mobile applications, online banking systems, retail banking technology, and corporate banking systems. Mashreq NEO, positioned as a pioneering digital banking platform in the region, represents the institution's fintech-focused efforts to expand digital accessibility. The technology stack supports operations across multiple jurisdictions with varying regulatory frameworks, creating security requirements that span consumer-facing applications, corporate transaction systems, and cross-border payment infrastructure. Mashreq maintains its headquarters in Dubai and positions itself as a challenger institution within the regional banking sector. The company emphasizes speed, simplification, and customer experience in its operational approach. The technical environment includes mobile apps, web-based banking services, and backend systems managing personal and corporate banking operations across diverse markets with different threat landscapes and compliance requirements.

Black Box operates as a publicly traded global provider of digital infrastructure solutions, headquartered in Plano, Texas. Founded in 1976 as Expandor, Inc. by Eugene Yost and Dick Raub in Lawrence, Pennsylvania, the company started with a catalog of nine products across six pages. Under CEO Sanjeev Verma, it has evolved over nearly five decades into an enterprise serving businesses worldwide with network and system integration, managed services, and technology products. The company's core business centers on comprehensive network integration, system integration, and managed IT services. Its technical domains span networking and communications products, digital infrastructure, IT solutions, and communications hardware. Black Box positions itself as addressing the complexity enterprises face in building, managing, and optimizing their technology infrastructure, with operations spanning multiple geographies including its founding location in Pennsylvania and current headquarters in Texas. Black Box maintains its publicly traded status while serving enterprise clients across information technology, networking and communications, and systems integration verticals. The company frames its approach as service-oriented, focusing on helping organizations navigate what it describes as an increasingly complex technological landscape through its suite of managed services and integration capabilities.

Heathrow operates the UK's largest international airport and Europe's biggest hub, connecting over 80 airlines to more than 200 destinations across 80+ countries. The airport runs continuously, with operations spanning terminal management, airport security, ground operations, passenger services, and the IT infrastructure that keeps millions of travelers moving each year. As a critical piece of national infrastructure serving as the country's international gateway, Heathrow presents a threat surface that's both vast and consequential - 24/7 operations mean no downtime for patches, no room for outages, and persistent scrutiny from nation-state actors, organized crime, and opportunistic attackers targeting aviation supply chains. Security operations at Heathrow cover domains that extend beyond traditional enterprise security. Physical security systems integrate with IT networks; passenger data flows through interconnected airline, customs, and border systems; operational technology controls baggage handling, airfield lighting, and flight information displays. The organization manages capital projects that build and modernize infrastructure while maintaining active security postures across legacy and modern systems. Financial operations, sustainability initiatives, and innovation programs all expand the attack surface while introducing compliance requirements across aviation regulations, data protection laws, and critical infrastructure mandates. The scale demands security architecture that accounts for continuous operation, diverse stakeholder access (airlines, retailers, government agencies, ground handlers), and the operational reality that security failures can ground flights, strand passengers, or compromise border integrity. Heathrow's security function intersects with airport operations, terminal management, and IT teams working to reduce environmental impact while improving passenger experience - all without introducing new vulnerabilities. The organization emphasizes inclusion, professional development, and career growth across experience levels, positioning security work within the broader context of keeping critical infrastructure operational and resilient.

NCS is a technology services firm headquartered in Singapore and operating as a subsidiary of Singtel Group since its founding in 1981. With over 13,000 professionals deployed across the Asia Pacific region, the company delivers end-to-end IT solutions spanning digital transformation, cloud infrastructure, application services, engineering, and cybersecurity to government agencies and enterprise clients across multiple countries. The organization has evolved from its origins as a government agency into a multinational technology operation with 56 documented specializations. The cybersecurity practice operates within a broader technical stack that includes Zero Trust architecture, SASE frameworks, Cloud-Native Application Protection Platforms (CNAPP), and Data Security Posture Management (DSPM). Day-to-day tooling runs on AWS infrastructure with security implementations from CrowdStrike and Okta for identity management. The engineering workflow incorporates DevOps methodologies with Jira and Trello for project tracking, alongside testing frameworks including Selenium, Postman, and Katalon. The company positions its security services as part of what it calls NEXT capabilities - emerging technology implementations designed to address infrastructure resilience and operational continuity for critical systems. Under CEO Ng Kuo Pin, NCS maintains partnerships with technology vendors, research institutions, and startups to extend its service capabilities. The company's stated operational model emphasizes collaboration frameworks and what it describes as open innovation practices, though the specific threat models and security architectures remain client-specific. The scale of operations - spanning government digital infrastructure and enterprise transformation projects - suggests exposure to complex regulatory environments and varied attack surfaces across different Asia Pacific jurisdictions.