Senior Associate, RAS

📋 Description

• • Support the implementation of cybersecurity and GRC programs aligned with frameworks such as SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST, FedRAMP, and CMMC
• • Own day-to-day operations of GRC platforms, including monitoring automated testing results, tracking control status, managing evidence uploads, inputting vendor and risk records, and maintaining policy assignments
• • Serve as the first point of contact for audit requests, drafting initial responses and gathering required documentation before escalating to the Client Lead for review
• • Assist with recurring compliance tasks including User Access Reviews, Incident Response (IR) and Disaster Recovery (DR) tabletop exercises, and IT risk assessments
• • Take ownership of ad-hoc client requests such as completing SAQs, preparing documentation, and responding to one-off compliance inquiries, making initial attempts to resolve before seeking feedback
• • Monitor and respond to client communications across Slack, Microsoft Teams, and email, proactively drafting proposed solutions rather than merely highlighting problems
• • Contribute to client calls and weekly status updates, coordinating with delivery team members to ensure consistent and accurate external-facing communication
• • Maintain accurate and up-to-date task tracking in the project management tool across all active client engagements
• • Stay current on emerging cybersecurity risks, evolving control practices, and regulatory changes impacting GRC programs
• • Build and maintain strong industry relationships to support long-term business development and client retention
• • Collaborate with delivery team members to receive guidance, coaching, and direction while contributing to team objectives and client outcomes
• • Participate in internal and external firm initiatives including community service, training programs, recruiting events, and company-wide activities
• • Conduct IT General Controls (ITGC) assessments to evaluate design and operating effectiveness
• • Develop and execute remediation roadmaps for identified control gaps and compliance deficiencies
• • Perform vendor risk reviews and IT cybersecurity risk assessments as part of client engagements
• • Support co-sourced or outsourced internal audit functions and segregation of duties (SoD) reviews
• • Assist in policy and procedure development to align with regulatory and organizational requirements
• • Apply knowledge of GRC tools and technologies to streamline compliance workflows and improve reporting accuracy