Accume Partners

  • Senior Associate - Cybersecurity & Technology Risk

    Job Locations US-NY-New York | US-DC
    ID 2018-1078
  • Overview

    Accume Partners is a trusted risk assurance and advisory leader and innovator in delivering integrated solutions to our clients in highly regulated industries. Our firm has strong roots in providing internal audit, regulatory compliance, and risk management services to various sectors in the financial services industry. A few years ago, Accume Partners added extensive Cybersecurity and Technology Compliance capabilities to those services. As the level of regulatory and business complexity has surged, so has the need for specialized knowledge and focus. We have organized our firm to achieve that goal, providing our clients with deep knowledge, expertise and approaches in the following areas:

    • Internal Audit
    • Regulatory Compliance
    • Technology Risk Management
    • Dedicated Cybersecurity Practice and Toolset
    • Incident Response Planning and Cyber-Forensic Team
    • FFIEC Compliance Software (Risk Director)

    Through these key areas of focus, we are able to stay in front of change and bring the balanced perspectives and specialized knowledge demanded by today’s banks and financial institutions. That is why our clients view us as the partner of choice, a partner that is truly different from the others. Partnership Matters.

    Having the best technical expertise or the best service approach is not enough. We need the best people to complete the equation...people who can share their knowledge and grow with our clients. Accume Partners was founded on a belief in, and a commitment to, its people. The development, advancement and individual success of our talented professionals is vital to our future. We invest in you to ensure our professionals receive the training and mentoring necessary for your career growth. Our success is built on yours.

     

    The Senior Associate - Cybersecurity and Technology Risk provides consultative services to clients, delivering appropriate service offerings across all business units. Service areas include Cybersecurity & Privacy, Business Continuity and Disaster Recovery, Information Security, Risk Assessments and Security Maturity Assessments, and Technology Policies and Procedures. Client service focus, along with excellent presentation, communication, and consulting skills, is critical to success in this position, which involves effectively interfacing with executive-level business leadership as well as line-level technical staff. The role requires effective management of multiple projects, with the expectation to design, develop and implement all elements of a successful Business Continuity Plan, Information Security Program, Vendor Management Program and IT Risk Management program for all clients. Practical experience communicating compliance and technology concepts and functions to non-technical members of client leadership teams, in addition to the ability to translate business objectives to technical teams, is required. Consulting and client management experience is required to effectively and independently manage multiple projects.

     

    Responsibilities

    • Designs and conducts Information Security programs for clients, consistent with the regulatory framework of the client’s industry as well as industry best practices. Should have familiarity with frameworks like ISO 27002, NIST, COBIT, and/or PCI and preferably would have strong expertise in one of those frameworks. Makes and implements recommendations for preventive measures as necessary;
    • Designs and oversees client vendor management programs, and demonstrates a keen understanding of vendor risk assessment, stratification of vendors according to criticality and risk factors, and the development of initial and ongoing due diligence to constitute a solid vendor management framework with which to oversee the activity and delivery of client service providers;
    • Creates, enhances and maintains Business Continuity and Disaster Recovery programs, with deep expertise in the areas of business impact analysis, risk assessment, development of business recovery strategies, and alternate procedures. Able to oversee tabletop and functional test exercises and bridge the communication gap with those with little familiarity with continuity concepts;
    • Designs and conducts training for computer security education and awareness programs. Researches and evaluates emerging security trends and issues to ensure that education remains current and is continuously updated;
    • Drives culture change within the client’s organization to focus extensively on the improvement of control strength, the regular testing of organizational controls, and the training of the organization in order to mitigate reasonably foreseeable information security and cybersecurity threats;
    • Advises client on the adoption or strengthening of technology risk management and compliance programs to mitigate technology-related and/or information security related risks; has working knowledge of industry standard security frameworks like NIST Cybersecurity Framework or ISO 27001/27002 and is able to bring advanced methodologies to assessments while translating conclusions to persuasive recommendations for the Board, Executive and Line management.

    Qualifications

    Bachelor’s Degree in Computer Science, Information Systems desired

     

    Solid client service delivery skills, as well as demonstrated business experience and expertise in the following areas of Risk and Compliance:

    • Information Technology;
    • Risk Management Strategies;
    • Information Security Strategy, Assessment, and Testing;
    • Three to five (3-5) years of experience in banking, credit unions, financial services, hedge fund, insurance or broker/dealer is strongly preferred;
    • GLBA and Financial Information Privacy;
    • ISO 27001/2, NIST Cybersecurity Framework, FFIEC / FDIC / NCUA knowledge of applicable IT regulations; CISSP Certification desired; CISA / CISM Certifications desired;
    • IT Management Guidelines; strong documentation and business writing skills are a must;
    • Strong verbal and listening skills and a proven ability to call others to take action;
    • Ability to perform External Vulnerability Assessments and Penetration Tests, Internal Vulnerability Assessments and Penetration Tests and social engineering tests.

    Dependability - Meets commitments, works independently, accepts accountability, handles change, sets personal standards, stays focused under pressure, and meets attendance/punctuality requirements.

    Interpersonal Skills - Listens actively to others, builds strong relationships, is flexible/open-minded, solicits performance feedback and handles constructive criticism. Communicates well both verbally and in writing.

    Job Knowledge - Understands duties and responsibilities, has necessary job knowledge, has necessary technical skills, understands company mission/values, keeps job knowledge current, is in command of critical issues. Consistently achieves greater level of expertise in his or her field. Identifies and communicates new business development opportunities.

    Productivity - Manages a fair workload, volunteers for additional work, prioritizes tasks, develops good work procedures, manages time well; handles information flow.

    Self-Development - Seeks out and accepts feedback, is a proactive learner, takes on tough assignments to improve skills, keeps knowledge and skills up-to-date, turns mistakes into learning opportunities.

    Teamwork - Meets all team deadlines and responsibilities, listens to others and values opinions, helps team meet goals, welcomes newcomers and promotes a team atmosphere.
