About The Position

Overview

We have a tremendous opportunity for a senior-level client service professional to work as a Qualified Security Assessor in the Information Risk Management (IRM) team in Rochester, NY. This hands-on role involves technical security assessments of applications and infrastructure, security design reviews, and risk assessments. A qualified applicant would have strong technical skills from the hardware to the application layer. This is a remote position and can be located anywhere in the US.

Responsibilities

  • Performing mid-size and large IT and information security risk and compliance assessments, PCI engagements, audits, gap analyses, and remediation
  • Actively leading projects in the areas of PCI DSS and ISO 27001
  • Communicating with project stakeholders to effectively convey the requirements of technical and process improvements
  • Developing customized policies, procedures and controls, disaster recovery plans, and technical documentation for applications, systems and infrastructure
  • Possessing in-depth knowledge of IT security and various frameworks (e.g. PCI DSS, ISO 27001, NIST, CMMC)
  • Managing policy exceptions, including working directly with the teams to document exceptions, identify compensating controls, and define remediation action plans

Qualifications

Requirements:

  • Compliance: regulatory, privacy, international laws and statutory requirements.
  • Risk: risk frameworks, maturity models, and enterprise IT security risk methodologies.
  • Governance: vendor management, policy frameworks, control design and security design/architecture.
  • Security architecture: infrastructure, network and systems design.
  • Knowledge of and hands-on experience with PCI audits and PCI attestations.

Abilities:

  • Communicate effectively across business and technical boundaries.
  • Work independently without detailed guidance.
  • Be proficient in writing executive-level reports and technical documentation.
  • Frequent travel to client locations is required.

Education and Experience:

  • Must be PCI-QSA (Qualified Security Assessor) certified or have held the certification within the last three years.
  • At least one current Information Security certification (e.g. CISSP, CISM, ISO 27001:2022 Lead Implementer).
  • At least one current IT Audit certification (e.g. CISA, GSNA, ISO 27001:2022 Lead Auditor, CIA).
  • Minimum of an associate's degree. A BS degree is a plus.
  • Minimum 4 years of experience in the Cyber Security, Information Assurance, Enterprise Risk or Compliance field.

HOURS/LOCATION

This is a full-time remote opportunity. Our office hours are Monday through Friday from 8:00 a.m. until 5:00 p.m. Our summer hours are Monday through Thursday from 8:00 a.m. until 5:00 p.m. and Friday from 8:00 a.m. until 12:00 p.m. We pride ourselves on our flexibility; however, the ability to work additional hours will be needed at peak times.

At The Bonadio Group, we believe that an inclusive work environment allows all of our people to achieve their greatest potential and the greatest results for our clients and communities. Bonadio is committed to the principle of equal treatment and opportunity for all people. The Firm is committed to fostering and managing diversity in the workplace as an integral part of its practice and service to clients. The Firm values the rich variety of perspectives and experiences offered by those of different backgrounds. This diversity strengthens our institution and enables it to better respond to our clients' needs in an increasingly global profession.

In the fast-changing accounting industry, The Bonadio Group is always on the cutting edge of growth and innovation. With our great mentoring and training programs, you'll be exposed to a diversity of work, the ability to tackle more interesting issues, and a path to Partnership. You'll be working with great people and great clients where you can truly make a difference. Apply online, get on board, and grow with us. You'll be glad you did!
The Bonadio Group is unable to accept unsolicited resumes from third-party recruiters who do not have a written contractual agreement for a specific position along with approval to submit from the Talent Management team. All communications from The Bonadio Group regarding recruitment and hiring will come from an @bonadio.com email address, and our process includes a discussion with our Talent Management team. If you have any questions or concerns, please contact us immediately at (800) 487-7624 or careers@bonadio.com.

EOE/AA Disability/Veteran

At TBG, our unwavering goal is always To Be Greater: for our clients, communities, and colleagues. Our next-level accounting, advisory & consulting, and enterprise teammates help unlock the full potential of those we work with. Our talented team of experts, each specializing in various industries, go above and beyond to deliver the perfect solution for every client.

Not finding the right fit today? Please let us know that you may be interested in a future opportunity by setting up a Job Alert.