Cyber-security Risk Manager

at CBIZ
Published November 2, 2019
Location San Francisco, CA
Job Type Full-time  

Description

With over 100 offices and nearly 5,000 associates in major metropolitan areas and suburban cities throughout the U.S., CBIZ (NYSE: CBZ) delivers top-level financial and employee business services to organizations of all sizes, as well as individual clients, by providing national-caliber expertise combined with highly personalized service delivered at the local level. CBIZ has been honored to be the recipient of several national recognitions: 2019 America's Best Mid-Size Employers by Forbes, 2019 Best Workplaces in Consulting & Professional Services by Great Place to Work® and FORTUNE, 2019 Workplace Excellence Seal of Approval by the Alliance for Workplace Excellence, and one of the Top 101 highest scoring companies in the country for Best and Brightest Companies to Work For in the Nation by the National Association for Business Resources.

CBIZ Risk & Advisory Services offers leading-edge assurance and consulting services to help organizations navigate the perils of controlling a business in turbulent times. As part of CBIZ, the nation's eighth largest financial services provider, CBIZ Risk & Advisory Services provides risk, internal control, internal audit, anti-fraud, and IT audit services to leading businesses across North America.

Our San Francisco, CA office is currently hiring for a Cyber-Security Risk Manager. 

Essential Functions and Primary Duties:

  • As a Manager in our RAS Cyber Risk team, you will manage and execute enterprise-wide cyber security engagements
  • Identify and evaluate complex business and technology risks and remediation methods
  • Perform cybersecurity strategy and policy analysis, provide recommendations for enhancements
  • Support the design and implementation of cyber risk operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks
  • Design/review policies and procedures that support the implementation of cyber security programs
  • Create and design effective presentations as a means for communicating project and deliverable progress to clients
  • Perform sophisticated data analyses to understand the client's business and identify risk
  • Facilitate use of technology-based tools or methodologies to review, design and/or implement cyber security products and services
  • Identify opportunities to improve engagement profitability and manage engagement economics
  • Demonstrate ability to identify and address client needs: building solid relationships with clients; developing an awareness of Firm services; communicating with the client in an organized and knowledgeable manner; delivering clear requests for information; demonstrating flexibility in prioritizing and completing tasks; and communicating potential conflicts to the engagement director
  • Track and communicate engagement performance and planning to CBIZ engagement management, ensuring project milestones remain on track and are completed on time
  • Actively mentor and train team members on risk management processes, governance, and frameworks

Minimum Qualifications:

  • Demonstrate problem solving, critical thinking and logical structuring skills
  • Experience with cybersecurity or IT strategy, policy management, assessment, or development
  • Experience with National Institute of Standards and Technology (NIST) security controls and security Governance, Risk Management, and Compliance (GRC) processes
  • Experience with internal or external client management
  • Experience with assessing client requirements and writing proposals
  • Possession of excellent oral and written communication skills
  • Relevant consulting or industry experience

Preferred Qualifications:

  • Relevant BA/BS degree and/or certifications (CRISC, CISSP, CCIE, CISM, CISA, CCSK)
  • Strong knowledge of security risk management frameworks including related regulatory compliance requirements (NIST CSF & 800-53, ISO 27001, SOC, HITRUST, HIPAA, FedRAMP, PCI, GDPR, etc.)
  • Experience with GRC tools (MetricStream, Archer, etc.)
  • Experience developing and managing complex controls frameworks
  • Understanding of security risk scenarios including related threats and vulnerabilities
  • Qualitative and quantitative risk modeling and knowledge of risk remediation/mitigation/control processes
  • Experience in related Governance, Risk or Compliance function or role, or even related IT Audit/Assessments