Cyber Risk & Compliance Manager - Location Negotiable
Accenture Security helps organizations prepare, protect, detect, respond, and recover along all points of the security lifecycle. Cybersecurity challenges are different for every business in every industry. Leveraging our global resources and advanced technologies, we create integrated, turnkey solutions tailored to our clients’ needs across their entire value chain. Whether we’re defending against known cyberattacks, detecting and responding to the unknown, or running an entire security operations center, we will help companies build cyber resilience to grow with confidence. Our team of the security sector’s brightest people use the coolest tech to out-hack the hackers and help clients build resilience from within. We blend risk strategy, digital identity, cyber defense, application security and managed service solutions to rethink the entire security lifecycle.
Passionate about security, love what you do and have a genuine desire to outsmart the bad guys. You have the experience to analyze a clients’ security posture, anticipate security requirements and help find right-sized solutions based on industry leading practices. You have a proven track record working successfully in a fast-paced, team-oriented environment. You’re a creative, analytical problem solver with above average documentation skills who can speak to both technical and non-technical audiences. Can apply deep security skills to design, build and protect enterprise systems, applications, data, assets and people for Accenture and our clients. You are eager to put your skills to use by helping us help our clients inject security at every level of their organization.
- Driving large Governance, Risk and Compliance (GRC) projects / programs serving multiple clients across different industries.
- Have the ability to drive work planning across multiple workstreams in the GRC program (both technical and non-technical in nature – for example vulnerability management and managing the end to end lifecycle for IT risk management)
- Experienced in driving cybersecurity assessments including maturity assessments using NIST CSF or FAIR methodologies as a baseline for overall GRC programs.
- Prepare reporting for various levels of management including directors and leadership in Security. Reporting to include end to end assessment results, maturity rankings and risk scoring
- Review current state assessment results and formulate a plan to achieve target state in the NIST CSF maturity model
- Assist with driving security and controls work for various other cybersecurity and privacy regulations and standards including but not limited to PCI DSS, ISO 27001, GDPR, CCPA, IT SOX, SOC 2.
- Conduct information security risk assessments, including risk/issue intake/identification, triage and treatment plan preparation and tracking in accordance with our client Information Security and Compliance Frameworks as well as regulatory standards and requirements for the above mentioned regulations and standards.
- Perform test of controls including test of design and operating effectiveness for privacy including driving preparations, conducting walkthrough meetings, preparing narratives, and assembling other evidence as needed to support testing conclusions.
- Perform IT control assessments/testing and assist with continuous monitoring activities, and help remediate any control deficiencies or findings
- Demonstrate a strong understanding of relevant security and privacy regulatory compliance requirements mentioned above and be able to translate those into business processes and security controls to enhance and support client’s compliance and audit capabilities.
- Demonstrate the ability to articulate and defend the IT controls testing or assessment approach being used
- Applying cyber compliance / risk management knowledge, internal control principles and technical knowledge across cyber risk and compliance engagements.
- Developing and executing a detailed project plan, assessment approach, and overseeing the delivery team through team management (e.g., resource allocation, daily stand-ups), client coordination and quality review
- Participating in development and delivery of training curriculum and participating in hiring and coaching activities for the Managed Risk Services team.
- Consult to gather requirements and understand our clients' key challenges and work with senior team members to advise on practical and cost-effective solutions to help mitigate our clients’ cybersecurity risks and challenges.
- Prepare control testing scripts, plans, agendas to help the client through test execution process
- Establish and maintain effective working relationships with colleagues, existing clients, and prospective client organizations.
- Participate in relevant community events that align to personal interests and provide the opportunity for you to build your professional brand.
Here’s What You Need
- Minimum of 5 years of experience testing IT security controls including experience managing and facilitating client control testing efforts
- Minimum of 3 years’ experience big 4 or equivalent consulting experience /managing large client risk and compliance projects
- Minimum of 4 years of experience preparing/overseeing control testing scripts, plans and agendas to help the client through test execution process
- Minimum 5 years’ experience leading external and internal auditors, e.g., PCI-QSAs.
- Minimum 4 years’ experience creating technical documentation and compliance reports overseeing in a client facing role
- Minimum Bachelor's degree (or equivalent minimum 12 years work experience). If Associate’s Degree, (must have minimum 6 years work experience)
Compensation for roles at Accenture varies depending on a wide array of factors including but not limited to the specific office location, role, skill set and level of experience. As required by local law, Accenture provides a reasonable range of compensation for roles that may be hired in California, Colorado, New York City or Washington as set forth below and [Register to View]
Equal Employment Opportunity Statement
Accenture is an Equal Opportunity Employer. We believe that no one should be discriminated against because of their differences, such as age, disability, ethnicity, gender, gender identity and expression, religion or sexual orientation.
All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law.
Accenture is committed to providing veteran employment opportunities to our service men and women.
For details, view a copy of the [Register to View] .
Requesting An Accommodation
Accenture is committed to providing equal employment opportunities for persons with disabilities or religious observances, including reasonable accommodation when needed. If you are hired by Accenture and require accommodation to perform the essential functions of your role, you will be asked to participate in our reasonable accommodation process. Accommodations made to facilitate the recruiting process are not a guarantee of future or continued accommodations once hired.
If you would like to be considered for employment opportunities with Accenture and have accommodation needs for a disability or religious observance, please call us toll free at 1 [Register to View] , send us an [Register to View] or speak with your recruiter.
Other Employment Statements
Applicants for employment in the US must have work authorization that does not now or in the future require sponsorship of a visa for employment authorization in the United States.
Candidates who are currently employed by a client of Accenture or an affiliated Accenture business may not be eligible for consideration.
Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.
The Company will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Additionally, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company's legal duty to furnish information.