Cybersecurity Senior Consultant

REDW LLC, one of the Southwest's largest and fastest growing certified public accounting and business advisory firms, with offices in New Mexico, Arizona, Oregon, and Oklahoma, is excited to have been awarded Top Workplace 2023, 2022 and 2021 honors for both the state of Arizona and the state of New Mexico.

AZCentral and The Albuquerque Journal also recognized REDW with special Cultural Excellence awards in Compensation, Remote Work, and Formal Training categories.

REDW is looking for a Cybersecurity Senior Consultant to join Cybersecurity team remotely. Location preference; Oklahoma, Pacific Northwest.

The Cybersecurity Sr Consultant performs and supervises a broad range of IT and cybersecurity activities, including assessing the IT/Security environment and general IT and Security controls of clients and preparing and signing-off on workpaper documentation needed related to the IT/Security assessments performed. Other IT and Cybersecurity consulting services may include performance of internal audit services and consulting and training services related to cybersecurity, cyberhealth, and other IT/Security related projects. The Sr Consultant can also be expected to be involved in remediation efforts of cybersecurity risks and discovered vulnerabilities. Customer service skills of working directly with clients and a background or knowledge of Project Management is also a highly desired skill. Cybersecurity Sr Consultant will also assist with certain internal administrative functions and cross-departmental collaboration needed related to various software systems used in A&C and throughout the firm.

What you will be doing...

• Actively take the lead on client, Risk Assessments.

• Lead remediation efforts for clients, to help them resolve discovered vulnerabilities or security risks.

• Be comfortable with "selling security" and security services.

• Actively engage in the industries and communities that you participate in with the direct intention of developing Business Development opportunities for the firm and the department.

• Engage in activities to actively sell work the department and firm can service through participating in the preparation and submission of proposals, meeting with prospective clients, collaborating with team members throughout the firm to offer additional services to existing clients, and to proactively engaging in business development activities (e.g., attending REDW sponsored events, attending, and if possible, presenting at, conferences, workshops, webinars and seminars, etc.).

• Properly define the scope of the client service engagements within the engagement letter and work directly with the client service team to assure there is no scope expansion. If scope expansion occurs, assure that an appropriate discussion has occurred with the client regarding potential additional fees and delivery time impacts.

• Serve as the go to person for all client engagement or client service team matters and decisions.

• Serve as a resource to provide training to our team at scheduled CPE days or other learning events of the firm and the department.

• Complete assessments of the IT/Security environment and general IT and Security controls for Cybersecurity clients, including preparing and signing-off on documentation needed to comply with respective Governance, Risk, and Compliance standards.

• Review A&C's audit schedules for upcoming engagements and collaborate with audit engagement team members to identify and agree on which assessments the other Cybersecurity Consultants will investigate for possible, Cybersecurity work.

• Ensure the Cybersecurity forms and checklists comply with the respective auditing standards, and the Cybersecurity Sr Consultant will develop and customize Cybersecurity assessment and internal control forms, questionnaires, and checklists as considered necessary to complete these procedures and audit documentation efficiently and effectively.

• Collaborates with A&C internal audit team members to actively seek opportunities to perform Cybersecurity consulting services, including internal audits of IT departments, InfoSec departments, IT/InfoSec policies and procedures, and other IT/InfoSec activities.

• Prepare and provide engagement teams with written management letter comments, findings, and recommendations for addressing IT and cybersecurity related internal control deficiencies and opportunities to improve IT and cybersecurity policies and procedures and team member trainings.

• Actively seek and pursue IT and cybersecurity consulting opportunities by collaborating with the A&C engagement teams to get introduced to existing and former clients, while ensuring that any consulting services performed do not impair the firm's independence with respect to audit clients, and by actively performing other types of business development activities, including speaking at conferences, participating in webinars, offering trainings, identifying and responding to RFPs, publishing articles, developing and sending out marketing collateral, etc.

• Provides supervision, assistance, and feedback to team members.

• Provides timely information about scope changes and informs Director, Manager, and/or Principal.

• Coordinates with Director, Manager, and/or Principal to achieve committed deadlines.

• Assist in creating proposals for Cybersecurity services.

• Maintain strict confidentiality of client and firm information.

What will set you apart...

• Analytical

• Synthesizes complex or diverse information; Collects and researches data; Uses intuition and experience to complement data; Designs workflows and procedures.

• Problem Solving

• Identifies and resolves problems in a timely manner; Gathers and analyzes information skillfully; Develops alternative solutions; Works well in group problem solving situations; Uses reason even when dealing with emotional topics.

• Project Management

• Develops project plans; Coordinates projects; Communicates changes and progress; Completes projects on time and budget; May manage project team activities.

• Customer Service

• Manages difficult or emotional customer situations; Responds promptly to customer needs; Solicits customer feedback to improve service; Responds to requests for service and assistance; Meets commitments.

• Change Management

• Develops workable implementation plans; Communicates changes effectively; Builds commitment and overcomes resistance; Prepares and supports those affected by change; Monitors transition and evaluates results.

• Cybersecurity - understand all the CISSP security concepts, be proficient on remediation recommendations of all major infosec computing risks and know or know how to find best practice recommendations for security resolutions.

• Innovation

• Displays original thinking and creativity; Meets challenges with resourcefulness; Generates suggestions for improving work; Develops innovative approaches and ideas; Presents ideas and information in an effective manner.

What will help you be successful...

• Bachelor's degree (B.) from four-year College or university.

• Minimum Five years of experience in information technology and cybersecurity, preferably with project management experience.

• IT Systems Administration, computer systems management, and cybersecurity software operations are also valued.

• CISSP or CISA (or equivalent) certifications are a plus.

REQUIREMENTS

• Must be willing to work more than 40 hours a week on a frequent basis.

• Must be willing to travel several times a year to other offices, conferences, and professional development programs.

• Must be willing to travel (infrequently and at times needed) to a client site for short-term work.

REDW LLC is committed to providing an environment where equal employment opportunities are available to all candidates without regard to race, color, religion, sex, national origin, age, physical and mental disability, marital status, sexual orientation, veteran status, and any other characteristic protected by applicable law. REDW colleagues believe that diversity and inclusion among our teammates is critical to our success as a global firm, and we seek to recruit, develop and retain the most talented individuals from a diverse candidate pool.