In this role, you’ll have the opportunity to drive positive impacts through the design, build, execution, and assessment of risk programs across cyber, technology, and operational risk (non-financial risk) domains.
We are looking for passionate self-starters who enjoy learning and staying current with industry trends and technologies, excel at leading teams and mentoring others, and get excited about helping our clients strategically solve complex risk challenges.
What You'll Do:
- Provide excellent client service and develop and nurture client relationships, serving as a liaison between clients and project teams, understanding their business needs, and delivering responsive and high-quality service
- Apply specialized knowledge in particular non-financial risk domains, and broad acumen across facets of all domains including cybersecurity, technology, cloud, operational resiliency, data, third party, privacy, and product risk
- Conduct research and analysis, leveraging data to derive valuable insights and actionable recommendations for clients
- Lead working meetings with clients and participate in formal client briefings
- Oversee the operational aspects of ongoing projects, including engagement planning, budget development, progress monitoring, and quality control of deliverables
- Lead development of compelling, easy-to-consume, data-driven deliverables that pragmatically solve client problems
- Structure, implement, and synthesize research and analysis on a range of key industry developments and trends to inform client deliverables, proposals, marketing materials, and market strategies
- Participate in advancing the Risk Advisory service line through internal initiatives such as recruiting, business development, thought leadership, and knowledge sharing
- Serve as a coach and mentor to team members, fostering their professional growth and development
- Lead CrossCountry teams on engagements such as:
-Risk Transformation: Maturity assessments and roadmaps; operating models; program and process builds; executive advisory
-Risks & Controls: Risk assessments; frameworks; RCSAs; testing methodologies; testing execution and reporting
-Internal Audit: Audit planning, execution, and reporting
-Regulatory Compliance: Regulatory mapping and horizon scanning; compliance readiness and remediation activities; exam and reporting support
-Reporting & Metrics: KPI and KRI development; automation and operations; dashboards and reporting; risk appetite analysis
What You'll Bring:
- 5+ years prior experience in professional services (public accounting, advisory firm, or management consulting firm)
- Experience with the major cybersecurity, technology, and operational risk frameworks and standards such as NIST CSF, CRI Cybersecurity Profile, CSA Cloud Controls, ISO 27000 series, COBIT, and Basel Operational Risk Principles
- Experience delivering security solutions across major cloud service provider (AWS, Azure, GCP) platforms
- Understanding of comprehensive risk management programs, including governance, policy, organizational design, awareness and training, architecture, technologies, processes, and controls
- Experience mentoring and developing junior team members and helping project teams resolve multifaceted issues
- Passion for learning new technologies and staying current with trends in cyber, technology, and operational risk management.
Qualifications:
- Bachelor’s degree from an accredited university
- Professional certification (CISA, CISM, CISSP, CIPT, CIPP, CIPM).
- Willingness to travel domestically up to 20%-30% (varies by client).
- Availability to work on client site or in office 3 days a week, with 2 days remote (hybrid environment).
#LI-Hybrid #LI-OC1