Jobs · Information Technology · Illinois

Senior Associate/Cybersecurity Consultant Due Diligence Advisory (Forensic Services practice)

Charles River Associates · Chicago, IL · 2 days ago
Information Technology$130k–$153k/yrInternship

About the role

CRA is seeking a Cybersecurity Consultant (Assessments / Due Diligence / Advisory) to support client engagements focused on evaluating and managing cybersecurity risk. In this role, you will lead and participate in client-facing assessments, including interviews, workshops, and executive readouts, while operating with a high degree of independence and confidence.

Responsibilities

  • Lead and participate in client-facing assessments, including interviews, workshops, and executive readouts.
  • Translate client discussions into clearly defined engagement scopes and Statements of Work (SOWs), aligning deliverables with frameworks such as the NIST CSF and transaction-specific objectives.
  • Assess cybersecurity posture in transaction and investment contexts, distinguish material risks from broader program maturity gaps, and tailor findings to the needs of private equity, legal, and executive stakeholders.
  • Execute cyber due diligence and proactive security assessments through documentation review, stakeholder interviews, and control evaluation.
  • Support incident readiness reviews, tabletop exercises, and broader cyber resilience assessments to help clients evaluate preparedness, decision-making, and recovery capabilities before or after a cyber event.
  • Work closely with CRA’s incident response team to identify recurring risk themes and control gaps from active and recently closed matters, and help translate those observations into follow-on proactive engagements including gap assessments, tabletop exercises, resilience reviews, and broader security uplift efforts.
  • Produce high-quality, client-ready reports that include prioritized findings, risk-based recommendations, and executive-level summaries.
  • Support senior team members in proposal development and business development efforts, while bridging technical cybersecurity findings into clear business risk narratives for legal, private equity, and executive audiences.
  • Contribute to the development of repeatable assessment methodologies, templates, and client-facing deliverables across CRA’s proactive cybersecurity service offerings.

Requirements

  • Approximately 5–7 years of experience in cybersecurity consulting, advisory, or due diligence.
  • Experience supporting cyber resilience assessments, incident readiness reviews, tabletop exercises, or related preparedness-focused engagements is a plus.
  • Experience collaborating with incident response, forensic, or crisis management teams to translate post-incident observations into proactive assessment, readiness, or remediation-focused engagements is a plus.

Qualifications

  • Client Presence & Communication: Comfortable leading discussions with CIOs, IT Directors, and legal stakeholders; Strong ability to guide conversations, ask structured questions, and manage meetings effectively; Excellent executive communication skills with clear, concise, and unambiguous delivery.
  • Scoping & Advisory Skills: Experience drafting or contributing to Statements of Work (SOWs), engagement letters, and proposals; Ability to translate loosely defined client needs into structured deliverables and timelines; Strong commercial awareness, including understanding scope boundaries and identifying opportunities to expand engagements; Ability to tailor scopes and findings to transaction, diligence, or investment-focused objectives, including identifying issues that are likely to be material to legal, private equity, or executive decision-makers.
  • Report Writing: Impeccable written communication skills, including grammar, structure, and formatting; Ability to produce logically consistent, defensible findings and recommendations; Experience delivering polished, client-ready cybersecurity risk reports; Ability to prioritize findings based on business impact, articulate critical versus lower-priority issues, and develop executive-ready narratives that support practical decision-making.
  • Cybersecurity Frameworks: Strong working knowledge of: NIST Cybersecurity Framework (primary); Supporting frameworks such as CIS Benchmarks, ISO 27001, SOC 2 Type II, HIPAA, and HITRUST; Ability to map controls, identify gaps, and translate findings into business risk and impact; Ability to evaluate how controls operate together across governance, identity, endpoint, cloud, recovery, and monitoring layers as part of a broader security program or resilience assessment.
  • Technical & Domain Knowledge: Broad understanding of core cybersecurity domains, including: Identity & Access Management (e.g., Active Directory, Entra ID); Endpoint security (e.g., EDR/MDR solutions such as CrowdStrike); Vulnerability management tools (e.g., Tenable, Qualys); Backup and recovery strategies (RTO/RPO, immutability); Email security (phishing protection, DMARC, MFA); Asset inventory, device management, and patch lifecycle practices; Ability to connect these domains into a comprehensive security program narrative.

Desired Qualifications

  • Exposure to tools such as CrowdStrike, Tanium, Microsoft 365, Azure/Entra ID, and AWS; Ability to evaluate and interpret tooling deployment, configuration, and coverage in an advisory context rather than operate as a dedicated implementation engineer.

To Apply

To be considered for a position in the United States or Canada, we require the following:

  • Resume – please include current address, personal email and telephone number;
  • Cover letter – please describe your interest in CRA and how this role matches your goals.

If you are interested in applying for one of our international locations, please visit our Careers site to view and apply for available jobs.

Career Growth & Benefits

  • CRA’s robust skills development programs, including a commitment to offering 100 hours of training annually through formal and informal programs, encourage you to thrive as an individual and team member.
  • Beginning with research and analysis skill building, training continues with technical training, presentation skills, internal seminars, and career mentoring and performance coaching from an assigned senior colleague.
  • Additional leadership and collaboration opportunities exist through internal firm development activities.
  • We offer a comprehensive total rewards program including a superior benefits package, wellness programming to support physical, mental, emotional and financial well-being, and in-house immigration support for foreign nationals and international business travelers.

Work Location Flexibility

CRA creates a work environment that enables our colleagues to benefit from being together in the office to best deliver on our promise of career growth, mentorship and inclusivity. At the same time, we recognize that individuals realize a range of benefits when working from home periodically. We currently expect that individuals spend at least 3 to 4 days a week working in the office (which may include traveling to another CRA office or to client meetings), with specific days determined in coordination with your practice or team.

Our Commitment to Equal Employment Opportunity

Charles River Associates is an equal opportunity employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran, or any other protected characteristic under applicable law.

Salary & Other Compensation

A good-faith estimate of the annual base salary range for this position is $130,000 - $152,500. Starting pay within this range may vary based on factors such as education level, experience, skills, geographic location, market conditions, and other qualifications of the successful candidate. This position may be eligible for additional bonus incentive compensation.

CRA offers a comprehensive benefits package, subject to eligibility requirements, which may include: medical, dental, and vision insurance; 401(k) retirement plan with employer match; life and disability insurance; paid time off (vacation, sick leave, holidays); paid parental leave; wellness programs and employee assistance resources; and commuter benefits.

Similar jobs