IT Risk and Assurance Manager in Boston, MA at CBIZ

Date Posted: 1/31/2019

Job Description

With over 100 offices and nearly 5,000 associates in major metropolitan areas and suburban cities throughout the U.S., CBIZ (NYSE: CBZ) delivers top-level financial and employee business services to organizations of all sizes, as well as individual clients, by providing national-caliber expertise combined with highly personalized service delivered at the local level. CBIZ has been honored to be the recipient of several national recognitions: 2018 America's Best Mid-Size Employers by Forbes, 2018 Best Workplaces in Consulting & Professional Services by Great Place to Work® and FORTUNE, 2018 Workplace Excellence Seal of Approval by the Alliance for Workplace Excellence, and one of the Top 101 highest scoring companies in the country for Best and Brightest Companies to Work For in the Nation by the National Association for Business Resources.

We serve private and public companies in more than a dozen industries; not-for-profit organizations; and high net-worth individuals and family groups. When you choose CBIZ Tofias, you get proactive, accessible professionals who communicate in understandable terms, and deliver practical solutions on time, with no surprises, to help your organization thrive.

The position will be responsible for leading and executing IT risk and security engagements to assist clients in reducing overall business risk and improving the IT security and controls of the organization. We are seeking someone with SOC 2 skills and experience. This person will be performing SOC 2 attestation engagements. They should also have experience in other SOC-related engagements (SOC 1, SOC 2+, SOC for Cybersecurity, etc.). This individual will be managing and working on both consulting engagements and attestation engagements.

Essential Functions and Primary Duties

  • Managing engagements that assess the design and operating effectiveness of IT processes and procedures to meet client objectives including alignment with frameworks and compliance with laws and regulations
  • Managing IT risk and security assessments to evaluate confidentiality, processing integrity, availability, security, and privacy concerns
  • Advising management during consulting engagements, pre-assessments, and gap assessments
  • Training and managing seniors and staff in critical IT security skills and methodologies
  • Experience in providing middle market IT risk and security services in the following is required:
      • Cybersecurity controls assessments (NIST, CIS 20, ISO 27001, COBIT, PCI DSS, HIPAA, etc.)
      • Security governance & oversight
      • Cybersecurity policies & procedures
      • Employee security awareness training and execution
      • Business continuity/disaster recovery
      • Penetration testing
      • Vulnerability assessments/testing
      • Social engineering
      • Cybersecurity strategy & plan development
      • Cybersecurity policy development
      • IT security controls improvement
      • Virtual Chief Information Security Officer (vCISO)
  • Evaluates and defines client requirements for IT risk & security projects
  • Defines scope and estimates project costs and details
  • Develops client relationships
  • Attends industry meetings to market CBIZ services
  • Presents technical papers and markets CBIZ capabilities
  • Directs engagements by managing junior staff or contractors to meet project commitments

Minimum Qualifications Required

  • 6 years of combined IT security & controls experience and 3 years of staff supervision
  • Bachelor’s degree in Information Systems / IT Security or related discipline
  • Demonstrated ability to document security and control issues, business impact, and management action plans
  • Ability to take on a business development role in the firm
  • Strong background in IT Security control assessments
  • Knowledge of COBIT, COSO, Sarbanes-Oxley legislation and its impact, HIPAA, Safe Harbor Privacy Rules, and other regulations
  • Strong background in technical security systems and environments
  • Demonstrated ability to plan and manage engagements along with ensuring deliverables meet work-plan specifications and deadlines
  • CISA, CISSP, CISM, and other IT security-related certifications preferred
  • Supervision of IT Staff Auditors (up to 2) may be required
  • 25-50% travel required (based on client location and engagement details)
