Senior Associate, Cybersecurity Advisory & Risk Management
Meditology Services · Atlanta, GA · 1 mo ago
RemoteRemoteFinanceFull-time
Responsibilities
- Lead Client Engagements
- Serve as a key contributor and day-to-day lead on client engagements.
- Leading client interviews, workshops, and discovery sessions.
- Facilitating discussions with executives, operational leaders, and technical teams.
- Managing engagement activities, timelines, and deliverables.
- Building trusted client relationships.
- Identifying client risks, challenges, and opportunities.
- Providing practical recommendations that align cybersecurity priorities with business objectives.
- Supporting executive briefings and strategic discussions.
- Leading portions of client engagements independently while partnering with Managers and Service Line Leaders on larger initiatives.
- Perform Cybersecurity & Risk Assessments
- Lead and support a variety of cybersecurity, risk management, and compliance engagements.
- Conducting NIST Cybersecurity Framework (CSF) 2.0 assessments.
- Leading HIPAA Security Risk Assessments (SRAs).
- Performing cybersecurity maturity assessments.
- Evaluating governance, risk, and compliance programs.
- Conducting AI governance and AI risk assessments.
- Assessing third-party risk management programs.
- Identifying cybersecurity risks, control gaps, and improvement opportunities.
- Developing risk registers, remediation roadmaps, and strategic recommendations.
- Facilitating stakeholder interviews and workshops.
- Presenting assessment results and recommendations to executive leadership.
- Support HITRUST Readiness & Certification Assessments
- Lead and support HITRUST-related engagements for healthcare and healthcare-adjacent organizations seeking to strengthen their security and compliance programs.
- Performing HITRUST e1, i1, and r2 readiness assessments.
- Serving as a subject matter expert for HITRUST certification assessments.
- Conducting control maturity and gap analyses.
- Reviewing policies, procedures, and supporting evidence.
- Developing remediation plans to address identified gaps.
- Advising clients on HITRUST implementation strategies and certification readiness.
- Supporting ongoing compliance and program maturity initiatives.
- Presenting readiness and assessment results to client stakeholders.
- Support SOC 2 Readiness & Attestation Engagements
- Support clients seeking to establish and demonstrate effective security and compliance controls through SOC reporting initiatives.
- Supporting SOC 2 readiness assessments.
- Evaluating controls against the Trust Services Criteria.
- Aiding clients with remediation planning and control implementation.
- Reviewing policies, procedures, and evidence artifacts.
- Supporting SOC 2 Type I and Type II attestation preparation activities.
- Helping clients operationalize governance and compliance processes to support ongoing attestation requirements.
- Develop Executive-Level Deliverables
- Create high-quality deliverables that clearly communicate risks, recommendations, and business impact.
- Cybersecurity assessment reports.
- Executive summaries.
- Risk registers.
- Remediation roadmaps.
- Strategic recommendations.
- Maturity assessment reports.
- Presentation decks and workshop materials.
- Board and executive-level communications.
- Present & Facilitation
- Leading client interviews and workshops.
- Facilitating cybersecurity and risk discussions.
- Presenting findings and recommendations to leadership teams.
- Delivering assessment readouts and remediation planning sessions.
- Supporting executive and board-level presentations.
- Developing professional PowerPoint presentations and client-facing materials.
- Advisory & Strategy Services
- Support clients in developing and improving cybersecurity and risk management programs.
- Examples Include:
- Cybersecurity strategy development.
- Governance program assessments.
- Security program benchmarking.
- Risk management program development.
- AI governance and oversight initiatives.
- Cybersecurity roadmap creation.
- Remediation planning and prioritization.
- Third-party risk management strategy.
- Security operating model development.
- Policy and governance program development.
- 4–7 years of experience in cybersecurity, information security, IT risk, compliance, consulting, or audit.
- Experience conducting cybersecurity, compliance, or risk assessments.
- Experience leading client interviews.
- Experience developing professional reports and presentations.
- Experience presenting findings and recommendations to clients.
- Experience managing portions of client engagements independently.
- Consulting experience preferred.
- Technical Knowledge: Experience with one or more of the following:
- NIST Cybersecurity Framework (CSF) 2.0
- HIPAA Security Rule
- HITRUST (e1, i1, and r2)
- SOC 2 Type I and Type II
- NIST SP 800-53
- CIS Critical Security Controls
- Third-Party Risk Management
- AI Governance and Risk Management
- HIPAA Privacy Rule
- Professional Skills: Successful candidates demonstrate:
- Strong consulting and advisory mindset.
- Excellent written and verbal communication skills.
- Strong presentation and facilitation abilities.
- Executive presence and client-facing confidence.
- Strong analytical and critical thinking skills.
- Ability to connect cybersecurity risks to business outcomes.
- Ability to manage multiple priorities and engagements.
- Strong attention to detail and organizational skills.
- Intellectual curiosity and desire for continuous learning.
- Ability to develop trusted relationships with clients and colleagues.
- Preferred Certifications: One or more of the following certifications is a plus:
- CISSP
- CISM
- HCISPP
- CISPP
- CISPP
- CHISP
- Security+