IT Audit, Risk and Cybersecurity - Senior Associate
CohnReznick · Parsippany, NJ · 2 wk ago
HybridInformation Technology$85k–$140k/yrFull-time
About the role
CohnReznick is a hybrid firm with professionals located near one of its offices. This position is considered hybrid, requiring team members to be in the office approximately 3 days a week.
Responsibilities
- Support and lead the execution of IT audit, IT risk management, and cybersecurity assessment engagements for a diverse client base, including organizations subject to regulatory, contractual, and federal cybersecurity requirements.
- Perform risk-based IT audits, cyber maturity and compliance assessments, and advisory services.
- Execute and support risk-based IT audits and IT risk assessments, including evaluation of IT general controls (ITGCs), automated application controls, and key technology-enabled business processes.
- Assess control design and operating effectiveness across domains such as access management, change management, system development lifecycle (SDLC), incident response, and vendor management. Support SOX-relevant IT controls testing, internal audit co-sourcing, and other compliance-driven engagements as applicable.
- Identify control gaps, assess risk impact, and develop clear, actionable recommendations for remediation.
- Perform cybersecurity assessments and readiness reviews aligned to CMMC, NIST SP 800-171, NIST CSF, ISO27001, and other recognized frameworks.
- Support or lead CMMC gap assessments, readiness assessments, and advisory activities for organizations in the Defense Industrial Base (DIB).
- Assist in evidence collection, validation, and analysis for cybersecurity and compliance assessments.
- Contribute to development of client deliverables, including assessment reports, risk summaries, and management presentations.
- Serve as a day-to-day engagement team member, managing assigned workstreams and coordinating with team members and client stakeholders.
- Simultaneously serve multiple engagements while maintaining high quality standards.
- Work with clients in a broad array of industries including information technology, financial services, retail & consumer products, pharmaceuticals, electronics, manufacturing, media, and government contracting etc.
- Facilitate client interviews and walkthroughs to understand IT environments, security controls, and operational processes.
- Ensure workpapers and deliverables meet quality, consistency, and documentation standards.
- Understand clients' organizations and provide value-added solutions and best practices.
- Identify emerging risks, trends, and improvement opportunities for clients.
- Mentor and review work performed by Consultants and Analysts.
- Share knowledge and best practices related to IT audit, cybersecurity, and CMMC requirements.
- Contribute to internal methodology development, tools, and training initiatives.
Requirements
- Bachelor’s degree in Information Systems, Computer Science, Accounting, Cybersecurity, or a related field.
- 4+ years of relevant experience in IT audit, IT risk, cybersecurity, or technology advisory roles.
- Hands-on experience performing IT audits, IT risk assessments, or cybersecurity assessments.
- Strong understanding of internal controls, risk management concepts, and common cybersecurity frameworks.
- Background and understanding of the risks and controls in technologies such as web, cloud, client/server, open systems architecture, data warehousing, and imaging.
- Proficient understanding of cloud security, Identity and Access Management, ERP, Operating Systems, Databases, and Network Infrastructure components.
- Knowledge of risk and controls related to emerging technologies such as AI, blockchain, and automation.
- Working knowledge of Cloud Security Framework, General Data Protection Requirement (GDPR), COBIT 5, ISO 27001/2, HIPAA, California Consumer Protection Act (CCPA), NIST 800-171/800-53/NIST 800-37.
- Excellent written and verbal communication skills, with the ability to explain technical concepts to non-technical audiences.
- Ability to manage multiple priorities and work effectively in a client-facing consulting environment.
- Participate in business development activities such as proposal writing, professional networking, and thought leadership development.
Qualifications
- Additional certifications a plus, such as:
- Experience supporting federal, government contractor, or regulated industry clients.
- Ability to work onsite 3 days per week, and travel up to 50% (domestic and international).
Skills
- Experience supporting federal, government contractor, or regulated industry clients.
- Ability to work onsite 3 days per week, and travel up to 50% (domestic and international).
Benefits
- Generous PTO
- A flexible work environment
- Expanded parental leave
- Extensive learning & development
- Paid time off for employees to volunteer
Pay
In New Jersey, the salary range for a Senior Associate is $85,000 to $140,000. Salary is one component of the CohnReznick total rewards package, which includes a discretionary performance bonus, generous paid time off, expanded, and inclusive parental benefits, and access to best-in-class learning and development platforms, to name a few.
Schedule
This position is considered hybrid, requiring team members to be in the office approximately 3 days a week.