- Support the planning and execution of cybersecurity risk assessments, control reviews, and compliance engagements for clients across multiple industries.
- Evaluate client policies, procedures, technical controls, and supporting evidence against applicable frameworks, standards, and regulatory requirements.
- Identify cybersecurity risks, control gaps, and process improvement opportunities, and assist in developing practical recommendations.
- Prepare high-quality workpapers, gap assessment summaries, reports, spreadsheets, and presentation materials.
- Participate in client interviews, walkthroughs, evidence review sessions, and status meetings.
- Map controls and requirements across frameworks such as NIST CSF, NIST 800-53, NIST 800-171, CMMC, and PCI DSS.
- Support or perform vulnerability assessments and limited penetration testing activities, depending on engagement scope and experience.
- Assist with PCI-related assessments and compliance support activities, including documentation review, scoping discussions, and control validation.
- Research cybersecurity requirements, industry trends, and emerging risks relevant to client engagements.
- Collaborate with engagement teams to manage timelines, track requests, and support project delivery.
- Contribute to internal methodology development, template improvement, training, and practice growth initiatives.
- Perform other duties as assigned.
- Bachelor’s degree in Cybersecurity, Information Systems, Information Technology,
- Computer Science, Accounting Information Systems, or a related field.
- Minimum of 2 years of relevant professional experience in cybersecurity, IT risk, compliance, IT audit, security consulting, or a related field.
- Working knowledge of cybersecurity frameworks and standards such as NIST CSF, NIST SP 800-53, NIST SP 800-171, CMMC, CIS Controls, and/or PCI DSS.
- Experience assessing or reviewing security controls, policies, configurations, or evidence in a professional environment.
- Strong written and verbal communication skills, including the ability to clearly document observations and recommendations.
- Strong analytical, organizational, and problem-solving skills.
- Ability to manage multiple assignments and deadlines in a client service environment.
- Proficiency in Microsoft Office applications, including Word, Excel, and PowerPoint.
- Ability to handle confidential and sensitive information with discretion and professionalism.
- Experience in consulting, advisory, public accounting, internal audit, or professional services environment.
- Experience supporting cybersecurity assessments, gap analyses, readiness reviews, or compliance initiatives.
- Exposure to PCI DSS assessments, vulnerability scanning, penetration testing support, or security configuration reviews.
- Familiarity with cloud environments such as Microsoft Azure or AWS.
- Familiarity with security tools such as vulnerability scanners, endpoint tools, SIEM platforms, or ticketing/workflow systems.
- Industry certifications such as Security+, CySA+, CISSP, CISA, CRISC, PCI ISA, or similar are a plus.
- Understanding of cybersecurity principles including access management, vulnerability management, system hardening, logging and monitoring, incident response, and data protection.
- Ability to interpret cybersecurity requirements and apply them in real-world business and technical environments.
- Strong attention to detail and commitment to producing accurate, professional, and well-supported work product.
- Ability to communicate effectively with both technical and non-technical stakeholders.
- Sound judgment and the ability to identify and escalate issues appropriately.
- Team-oriented mindset with a willingness to collaborate and support others.
- Strong client service orientation and professional presence.
- Eagerness to continue learning and developing technical, compliance, and consulting skills.