Managed Services

Cybersecurity Risk & Controls AssessorJob Description

Associate Qualifications:

• 1–3 years of experience in IT audit, IT risk assessment, or cybersecurity compliance.

• Experience supporting internal or external audits.

• Familiarity with common control frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, COBIT, or HIPAA.

• Ability to understand and evaluate technical environments (e.g., IAM, cloud platforms, network security).

• Strong organizational and analytical skills; ability to work independently and within teams.

• Strong written and verbal communication skills, particularly around documentation of controls and findings.

• High attention to detail and ability to manage multiple concurrent assessments.

• Exposure to IAM systems, cloud security, or endpoint protection technologies.

• Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer).

• Working knowledge of IT general controls (ITGCs), risk assessment methods, and compliance reporting.

• Professional certifications preferred (e.g., CISA, CRISC, Security+, or ISO 27001 Lead Implementer).

Senior Associate Qualifications:

• 4-6 years of experience in IT audit, IT risk assessment, or cybersecurity compliance

• Experience supporting internal or external audits.

• Familiarity with common control frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, COBIT, or HIPAA.

• Ability to understand and evaluate technical environments (e.g., IAM, cloud platforms, network security).

• Strong organizational and analytical skills; ability to work independently and within teams.

• Strong written and verbal communication skills, particularly around documentation of controls and findings.

• High attention to detail and ability to manage multiple concurrent assessments.

• Exposure to IAM systems, cloud security, or endpoint protection technologies.

• Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer).

• Working knowledge of IT general controls (ITGCs), risk assessment methods, and compliance reporting.

• Professional certifications preferred (e.g., CISA, CRISC, Security+, or ISO 27001 Lead Implementer).

Key Responsibilities:

• Assist in the execution of IT and cybersecurity control assessments based on regulatory, industry, and internal frameworks (e.g., NIST 800-53, ISO 27001, SOC 2).

• Collect and review evidence from system owners and control operators to support control testing and validation.

• Perform control testing and document results in line with internal assessment methodology.

• Collaborate with SMEs and business teams to understand technical implementations and control applicability.

• Identify control gaps, exceptions, or risk themes, and support remediation tracking.

• Support reporting of findings, risks, and recommendations to management and risk stakeholders.

• Maintain documentation for audit trails and ensure compliance with assessment timelines and procedures.

• Assist in the continuous improvement of assessment procedures and templates.

• Leverage tools such as ServiceNow, Archer, or custom GRC platforms for evidence tracking, issue logging, and reporting.