Job Description

We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.

We are currently looking for team members to join our Security, Privacy, and Risk Consulting practice. The candidate will work with teams of security and privacy staff in a wide variety of systems environments.  Our Security, Privacy and Risk Consulting team serves the Information Security and Data Privacy related needs of our clients. This team helps organizations identify their cyber risk, and design and implement program to address those risks and improve their cyber security posture. We serve a diverse base of clients in a variety of industries, and understanding how technology impacts the operation and growth of organizations is what we do best.

Examples of candidate's responsibilities include:

Serve as an engagement manager while leading/developing team members and managing personnel

Lead or support completion of assessments identify risks within an organizations cyber security governance compliance programs

Determine technical, business impact and likelihood of identified security issues and provide remediation guidance to clients

Work with a variety of cyber security and privacy frameworks such as ISO, NIST, CIS.

Measure and report clients’ compliance with established industry or National/International government requirements such as PCI DSS, CMMC, FEDRAMP, GDPR, CCPA, etc.

Lead or support the development of security governance and compliance programs for our clients

Support the development of strategy and implementation of tools such as eGRC, used to help manage security programs across a variety of organizations

Develop metrics and reporting for security programs

Deliver presentations to executive management and Boards of Directors

Develop target operating models for cyber security programs including budgets, resource levels, reporting structure, etc.

Support Virtual CISO engagements

Support networking and business development activities

Collaborate with RSM consulting professionals across risk and technology consulting with a variety of credentials including Certified Ethical Hacker (CEH), Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®) and Certified Information Security Manager® (CISM®)

Basic Qualifications:

Minimum B.A. or B.S. degree or equivalent from an accredited university by the time employment commences with a major in Computer Science, Information Technology, Information Systems Management, Information Security or other similar degrees

Technical background in computer science and related fields

Working knowledge of business process flows

The ability to interpret and convey technical information through written and oral communications to all levels of technical aptitude, including senior management

High degree of integrity and confidentiality, as well as ability to adhere to company policies and best practices

Possess a strong internal drive and motivation for continuous improvement

Preferred Qualifications:

Proficiency in Microsoft suite of tools including Excel, OneNote, etc. is desired

Practical hands-on experience with IT infrastructure components such as servers, firewalls, IDS systems and other network infrastructure components

Practical hands-on experience with security tools, such as a Nessus, Kali Linux, etc., or other commercial and public domain security tools

Operating system configuration and security experience (HP-UX, Linux, Solaris, AIX, etc.)

Understanding of secure network architecture design

In-depth knowledge of the security and privacy provisions of a variety of regulations and standards such as PCI, NERC/CIP, HIPAA/HITECH/HITRUST, FFIEC, FDIC, ISO 27000 series, NIST sp800 series, etc.

One or more security focused certifications: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®), etc.