Senior IT Risk & Assurance Consultant – SOC 2 Specialist in Boston at CBIZ

Date Posted: 12/22/2019

Job Description

With over 100 offices and nearly 5,000 associates in major metropolitan areas and suburban cities throughout the U.S., CBIZ (NYSE: CBZ) delivers top-level financial and employee business services to organizations of all sizes, as well as individual clients, by providing national-caliber expertise combined with highly personalized service delivered at the local level. CBIZ has been honored to be the recipient of several national recognitions: 2019 America's Best Mid-Size Employers by Forbes, 2019 Best Workplaces in Consulting & Professional Services by Great Place to Work® and FORTUNE, 2019 Workplace Excellence Seal of Approval by the Alliance for Workplace Excellence, and one of the Top 101 highest scoring companies in the country for Best and Brightest Companies to Work For in the Nation by the National Association for Business Resources.

CBIZ and Mayer Hoffman McCann P.C. (MHM) are together ranked as one of the top providers of accounting in the United States. With more than 100 offices and more than 4,000 professionals, we serve the country’s growing mid-market public and private businesses. MHM provides high-quality audit and attest services, while the closely associated CBIZ provides all other accounting, tax, and consulting services.

CBIZ & MHM New England (formerly CBIZ Tofias) is part of the 10th largest accounting, tax, and advisory services provider in the nation. Our two New England offices are located in Boston and Providence and have over 200 people, including over 35 Managing Directors. We uniquely combine national resources with local decision-making by experienced, New England-based professionals who are dedicated to strengthening our clients' financial positions.

The position will be responsible for leading and executing IT risk and security engagements to assist clients in reducing overall business risk and improving the IT security and controls of the organization. We are seeking someone with SOC 2 skills and experience. This person will be performing SOC 2 attestation engagements. They should also have experience in other SOC-related engagements (SOC 1, SOC 2+, SOC for Cybersecurity, etc.). This individual will be managing and working on consulting engagements and attestation engagements.

Essential Functions and Primary Duties

  • Managing engagements that assess the design and operating effectiveness of IT processes and procedures to meet client objectives including alignment with frameworks and compliance with laws and regulations
  • Managing IT risk and security assessments to evaluate confidentiality, processing integrity, availability, security, and privacy concerns
  • Advising management during consulting engagements, pre-assessments, and gap assessments
  • Training and managing seniors and staff in critical IT security skills and methodologies
  • Experience in providing middle market IT risk and security services in the following is required:
      • Cybersecurity controls assessments (NIST, CIS 20, ISO 27001, COBIT, PCI DSS, HIPAA, etc.)
      • Security governance & oversight
      • Cybersecurity policies & procedures
      • Employee security awareness training and execution
      • Business continuity/disaster recovery
      • Penetration testing
      • Vulnerability assessments/testing
      • Social engineering
      • Cybersecurity strategy & plan development
      • Cybersecurity policy development
      • IT security controls improvement
      • Virtual Chief Information Security Officer (vCISO)
  • Evaluates and defines client requirements for IT risk & security projects
  • Defines scope and estimates project costs and details
  • Develops client relationships
  • Attends industry meetings to market CBIZ services
  • Presents technical papers and markets CBIZ capabilities
  • Directs engagements by managing junior staff or contractors to meet project commitments

Minimum Qualifications Required

  • 3 years of combined IT security & controls experience
  • Bachelor’s degree in Information Systems / IT Security or related discipline
  • Demonstrated ability to document security and control issues, business impact, and management action plans
  • Ability to take on a business development role in the firm
  • Strong background in IT Security control assessments
  • Knowledge of COBIT, COSO, Sarbanes-Oxley legislation and impact, HIPAA, Safe Harbor Privacy Rules and other regulations
  • Strong background in technical security systems and environments
  • Demonstrated ability to plan and manage engagements along with ensuring deliverables meet work-plan specifications and deadlines
  • CISA, CISSP, CISM, and IT Security-related certifications preferred
  • Less than 10% travel required (based on client location and engagement details)
