Job Purpose
The role is to support the team in delivering internal audits but also larger scale advisory engagements. This means assisting in all aspects of the project lifecycle primary execution of fieldwork and preparation of deliverables including actively contributing to final recommendations.
Your responsibilities will include:
1. Being actively involved in the delivery of our Internal Audit/Consulting engagements.
2. Act a subject matter expert in various security and risk management domains (e.g., IT risk management, cyber risk, security target operating model, governance, compliance, cyber security maturity assessment, metrics and C-level dashboards…) and leading industry-based practices (e.g. NIST CSF, ISO 2700x…)
3. Managing the coordination and communication of key findings and results of engagements, producing written reports and supporting oral presentations to senior client management and key senior stakeholders
4. Maintaining an expertise and currency in industry trends
5. Managing and mentoring junior consultants assigned as members of engagements
6. Contributing to the development of project management, quality assurance and professional consulting and auditing approaches/methodologies.
The Candidate
We're looking for someone who is seriously interested in the cyber security area and wants to get first-hand experience in working in multiple industries with companies who need our help. We will help support you in every step of the way with on the job training as well as support for attaining industry professional certifications which will enhance your career in this field.
Skill, Knowledge & Experience
The candidate will be expected to use their technical expertise to delivery projects and to ensure that our clients comply with their regulatory obligations including NIS2 or DORA.
You will need to have a broad experience of security risk management and have evidence of experience in a number of the following fields of expertise:
7. Full understanding of the DORA regulation & NIS2 Directive and experience in implementing the regulations
8. Experience working with regulated financial services entities
9. 3+ years' varied experience in information security, risk management
10. Strong understanding of security governance, risk, and compliance frameworks such as ISO 27001, NIST 800-53 / CSF, NIS2 and DORA
11. Hands-on experience building credibility with external stakeholders
12. Proven ability to guide and collaborate with senior stakeholders in a similar GRC, security, or risk management role
13. Excellent communication skills, with the ability to present complex information clearly and effectively to non-technical stakeholders
14. The ability to explain complex topics to a diverse range of audiences
15. Strong attention to detail and the ability to deliver high quality work
16. CompTia Security +, CRISC, CISM or CISSP certification advantageous.
Diversity, Equity & Inclusion
At Forvis Mazars diversity, equity and inclusion are central to our values. We value our people's unique backgrounds, perspectives, and experience, and know this diversity create better outcomes for our clients.
We seek to attract, develop, and retain the best talent, inclusive of sex, ethnicity, disability, socio-economic background, sexual orientation, gender identity, nationality, and faith.
We select candidates based on skills, knowledge, qualifications, and experience and aim to support all our team members to reach their potential.
At Forvis Mazars, we promote an environment in which you can grow your skills, belong to a team that values your ideas, and make an impact that matters.