Jobs · Finance

Senior Associate, Cybersecurity Advisory & Risk Management

Meditology Services · Atlanta, GA · 1 mo ago
RemoteRemoteFinanceFull-time

Responsibilities

  • Lead Client Engagements
    • Serve as a key contributor and day-to-day lead on client engagements.
    • Leading client interviews, workshops, and discovery sessions.
    • Facilitating discussions with executives, operational leaders, and technical teams.
    • Managing engagement activities, timelines, and deliverables.
    • Building trusted client relationships.
    • Identifying client risks, challenges, and opportunities.
    • Providing practical recommendations that align cybersecurity priorities with business objectives.
    • Supporting executive briefings and strategic discussions.
    • Leading portions of client engagements independently while partnering with Managers and Service Line Leaders on larger initiatives.
  • Perform Cybersecurity & Risk Assessments
    • Lead and support a variety of cybersecurity, risk management, and compliance engagements.
    • Conducting NIST Cybersecurity Framework (CSF) 2.0 assessments.
    • Leading HIPAA Security Risk Assessments (SRAs).
    • Performing cybersecurity maturity assessments.
    • Evaluating governance, risk, and compliance programs.
    • Conducting AI governance and AI risk assessments.
    • Assessing third-party risk management programs.
    • Identifying cybersecurity risks, control gaps, and improvement opportunities.
    • Developing risk registers, remediation roadmaps, and strategic recommendations.
    • Facilitating stakeholder interviews and workshops.
    • Presenting assessment results and recommendations to executive leadership.
  • Support HITRUST Readiness & Certification Assessments
    • Lead and support HITRUST-related engagements for healthcare and healthcare-adjacent organizations seeking to strengthen their security and compliance programs.
    • Performing HITRUST e1, i1, and r2 readiness assessments.
    • Serving as a subject matter expert for HITRUST certification assessments.
    • Conducting control maturity and gap analyses.
    • Reviewing policies, procedures, and supporting evidence.
    • Developing remediation plans to address identified gaps.
    • Advising clients on HITRUST implementation strategies and certification readiness.
    • Supporting ongoing compliance and program maturity initiatives.
    • Presenting readiness and assessment results to client stakeholders.
  • Support SOC 2 Readiness & Attestation Engagements
    • Support clients seeking to establish and demonstrate effective security and compliance controls through SOC reporting initiatives.
    • Supporting SOC 2 readiness assessments.
    • Evaluating controls against the Trust Services Criteria.
    • Aiding clients with remediation planning and control implementation.
    • Reviewing policies, procedures, and evidence artifacts.
    • Supporting SOC 2 Type I and Type II attestation preparation activities.
    • Helping clients operationalize governance and compliance processes to support ongoing attestation requirements.
  • Develop Executive-Level Deliverables
    • Create high-quality deliverables that clearly communicate risks, recommendations, and business impact.
    • Cybersecurity assessment reports.
    • Executive summaries.
    • Risk registers.
    • Remediation roadmaps.
    • Strategic recommendations.
    • Maturity assessment reports.
    • Presentation decks and workshop materials.
    • Board and executive-level communications.
  • Present & Facilitation
    • Leading client interviews and workshops.
    • Facilitating cybersecurity and risk discussions.
    • Presenting findings and recommendations to leadership teams.
    • Delivering assessment readouts and remediation planning sessions.
    • Supporting executive and board-level presentations.
    • Developing professional PowerPoint presentations and client-facing materials.
  • Advisory & Strategy Services
    • Support clients in developing and improving cybersecurity and risk management programs.
    • Examples Include:
      • Cybersecurity strategy development.
      • Governance program assessments.
      • Security program benchmarking.
      • Risk management program development.
      • AI governance and oversight initiatives.
      • Cybersecurity roadmap creation.
      • Remediation planning and prioritization.
      • Third-party risk management strategy.
      • Security operating model development.
      • Policy and governance program development.

    Qualifications

    • 4–7 years of experience in cybersecurity, information security, IT risk, compliance, consulting, or audit.
    • Experience conducting cybersecurity, compliance, or risk assessments.
    • Experience leading client interviews.
    • Experience developing professional reports and presentations.
    • Experience presenting findings and recommendations to clients.
    • Experience managing portions of client engagements independently.
    • Consulting experience preferred.
    • Technical Knowledge: Experience with one or more of the following:
      • NIST Cybersecurity Framework (CSF) 2.0
      • HIPAA Security Rule
      • HITRUST (e1, i1, and r2)
      • SOC 2 Type I and Type II
      • NIST SP 800-53
      • CIS Critical Security Controls
      • Third-Party Risk Management
      • AI Governance and Risk Management
      • HIPAA Privacy Rule
    • Professional Skills: Successful candidates demonstrate:
      • Strong consulting and advisory mindset.
      • Excellent written and verbal communication skills.
      • Strong presentation and facilitation abilities.
      • Executive presence and client-facing confidence.
      • Strong analytical and critical thinking skills.
      • Ability to connect cybersecurity risks to business outcomes.
      • Ability to manage multiple priorities and engagements.
      • Strong attention to detail and organizational skills.
      • Intellectual curiosity and desire for continuous learning.
      • Ability to develop trusted relationships with clients and colleagues.
    • Preferred Certifications: One or more of the following certifications is a plus:
      • CISSP
      • CISM
      • HCISPP
      • CISPP
      • CISPP
      • CHISP
      • Security+

Similar jobs