Senior Consultant - Cyber Assurance

This role may be based in NYC or Washington DC.

We are seeking a highly skilled and motivated Senior Consultant to join our growing cybersecurity assurance team. In this role, you will lead and deliver high-impact cyber risk and assurance engagements, helping clients navigate regulatory requirements, manage information security risks, and enhance their cybersecurity posture.

You will play a key role in project delivery, client engagement, and mentoring junior staff, while also contributing to the development of new service offerings and best practices

Tasks and responsibilities

The Senior Consultant will take responsibility for individual and client-facing outputs in the following areas:

Delivering digital risk and cyber security engagements

• Lead and manage cyber assurance projects including IT audits, risk assessments, ISO 27001 readiness, SOC 2, NIST, PCI-DSS, and other compliance frameworks.
• Design, assess, and implement cybersecurity controls in line with regulatory requirements and industry best practices.
• Perform cybersecurity maturity assessments and develop tailored improvement roadmaps.
• Guide clients through internal and external audit processes, including preparation, testing, and remediation planning.
• Identify control gaps and recommend practical, risk-based solutions aligned with business objectives.
• Produce high-quality deliverables, such as risk reports, gap assessments, audit reports, and executive summaries.
• Build strong client relationships, acting as a trusted advisor on cybersecurity and risk issues.
• Support business development efforts, including proposals, presentations, and thought leadership.
• Mentor and supervise junior consultants, promoting a culture of knowledge sharing and continuous learning.

Business development & practice growth

• Identify opportunities for additional services during engagements and contribute to proposal writing and client presentations.
• Assist in developing new service offerings, market insights, and go-to-market strategies for the cyber assurance practice.
• Participate in industry events, webinars, or networking opportunities to represent the firm’s cyber capabilities.

• Candidates must be legally authorized to work in the US on a permanent basis without sponsorship.
• Candidates must possess unrestricted US work authorization.
• This is a 50%+ travel role with potential to travel globally on 2-3 weeks notice. It requires a valid passport and periodic applications for visas.
• Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent experience).
• 5+ years of experience in cybersecurity, risk management, or IT auditing
• Demonstrable expertise leading the delivery of assessments based on cybersecurity standards and frameworks such as NIST CSF 2.0, IS27001 and 27002, SOC2, Center for Internet Security (CIS) best practices, PCI-DSS, CSA Cloud Controls Matrix, GDPR, HIPAA, HITRUST, etc.
• Hands-on experience with tools and platforms used for cyber risk assessments, vulnerability scanning, and audit processes
• Strong understanding of information security domains such as access control, encryption, vulnerability management, network security, and incident response.
• Evidence of supporting clients overcome cybersecurity challenges in a broad array of sectors which may include, but is not limited to: Technology, Financial Services, and Retail.
• A deep understanding of governance, standards, and compliance as they pertain to cyber security.
• Ability to analyze complex security data and translate findings into industry specific recommendations.
• Preferred: Certifications: CISSP, CISM, CRISC, CISA, SCP, CCNP, ISO 27001 Lead Auditor or other relevant security or risk management certifications.
• Preferred: Experience working in a global organization and understanding of the challenges involved in managing risks across multiple jurisdictions.
• Preferred: Project management skills to manage multiple assessments, stakeholders, and deadlines effectively.
• Preferred: Strong communication skills, both written and verbal, with the ability to present complex technical information to non-technical audiences.
• Preferred: Knowledge of cloud security, supply chain security, secure software development, encryption standards, security tools, and emerging threats related to third-party relationships.
• Preferred: Experience with Archer governance and compliance tools.

The base salary range for this position is $115,000-$125,000 per year. Exact compensation offered may vary depending on job-related knowledge, skills, and experience.

Control Risks is committed to a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. If you require any reasonable adjustments to be made in order to participate fully in the interview process, please let us know and we will be happy to accommodate your needs.

Control Risks participates in the E-Verify program to confirm employment authorization of all newly hired employees. The E-Verify process is completed during new hire onboarding and completion of the Form I-9, Employment Eligibility Verification, at the start of employment. E-Verify is not used as a tool to pre-screen candidates. For more information on E-Verify, please visit

• Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer.
• Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.
• Medical Benefits, Prescription Benefits, FSA, Dental Benefits, Vision Benefits, Life and AD&D, Voluntary Life and AD&D, Disability Benefits, Voluntary Benefits, 401 (K) Retirement, Nationwide Pet Insurance, Employee Assistance Program.
• As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.