IT Audit, Risk and Cybersecurity - Experienced Associate

CohnReznick is one of the nation’s top professional services firms, creating rewarding careers in advisory, assurance, and tax. The role involves supporting IT audit, risk management, and cybersecurity assessments for a diverse client base, ensuring compliance with various regulatory and contractual requirements.

Responsibilities

• Execute and support risk‑based IT audits and IT risk assessments, including evaluation of IT general controls (ITGCs), automated application controls, and key technology‑enabled business processes
• Assess control design and operating effectiveness across domains such as access management, change management, system development lifecycle (SDLC), incident response, and vendor management
• Support SOX‑relevant IT controls testing, internal audit co‑sourcing, and other compliance‑driven engagements as applicable
• Identify control gaps, assess risk impact, and develop clear, actionable recommendations for remediation
• Perform cybersecurity assessments and readiness reviews aligned to CMMC, NIST SP 800‑171, NIST CSF, ISO27001, and other recognized frameworks
• Support or lead CMMC gap assessments, readiness assessments, and advisory activities for organizations in the Defense Industrial Base (DIB)
• Assist in evidence collection, validation, and analysis for cybersecurity and compliance assessments
• Contribute to development of client deliverables, including assessment reports, risk summaries, and management presentations
• Simultaneously serve multiple engagements while maintaining high quality standards
• Work with clients in a broad array of industries including information technology, financial services, retail & consumer products, pharmaceuticals, electronics, manufacturing, media, and government contracting etc
• Facilitate client interviews and walkthroughs to understand IT environments, security controls, and operational processes
• Ensure workpapers and deliverables meet quality, consistency, and documentation standards
• Understand clients’ organizations and provide value-added solutions and best practices
• Identify emerging risks, trends, and improvement opportunities for clients
• Share knowledge and best practices related to IT audit, cybersecurity, and CMMC requirements
• Contribute to internal methodology development, tools, and training initiatives

Skills

• Bachelor's degree in Information Systems, Computer Science, Accounting, Cybersecurity, or a related field
• 1+ years of relevant experience in IT audit, IT risk, cybersecurity, or technology advisory roles
• Hands‑on experience performing IT audits, IT risk assessments, or cybersecurity assessments
• Strong understanding of internal controls, risk management concepts, and common cybersecurity frameworks
• Background and understanding of the risks and controls in technologies such as web, cloud, client/server, open systems architecture, data warehousing, and imaging
• Proficient understanding of cloud security, Identity and Access Management, ERP, Operating Systems, Databases, and Network Infrastructure components
• Knowledge of risk and controls related to emerging technologies such as AI, blockchain, and automation
• Working knowledge of Cloud Security Framework, General Data Protection Requirement (GDPR), COBIT 5, ISO 27001/2, HIPAA, California Consumer Protection Act (CCPA), NIST 800-171/800-53/NIST 800-37
• Excellent written and verbal communication skills, with the ability to explain technical concepts to non‑technical audiences
• Ability to manage multiple priorities and work effectively in a client‑facing consulting environment
• Participate in business development activities such as proposal writing, professional networking, and thought leadership development
• Ability to work onsite 3 days per week, and travel up to 50% (domestic and international)
• Certified Information Systems Auditor (CISA) – strongly preferred
• Certified CMMC Assessor (CCA) or active progress toward CMMC Assessor certification – strongly preferred
• Additional certifications a plus, such as: Experience supporting federal, government contractor, or regulated industry clients

Benefits

• Discretionary performance bonus
• Generous paid time off
• Expanded, and inclusive parental benefits
• Access to best-in-class learning and development platforms

Company Overview

Company H1B Sponsorship