Security Operations

Job SummaryWe are looking for GRC, Audit, SOC ConsultantresponsibilitiesDemonstrate proficiency in Schellman MethodologyGuide associates and peersObtain certifications (ISO LA, CISA, CISSP, AWS CCP, etc.)Successfully run a project from fieldwork through completionUnderstand and demonstrate ability to speak to Schellman's service lines at a high level and their leadersDemonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteriaDemonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2Know all four report opinion outcomes and ability to draft modified opinionsDemonstrate ability to identify if exception(s) would potentially yield a qualified opinionDemonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly•Schellman MethodologyRead STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)Review and demonstrate ability to apply concepts of AS 2.0 Reference GuideReview and demonstrate ability to apply concepts of “EWP WP Guidance”Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categoriesAbility to articulate qualified vs unqualified opinion; know all four types of opinionsLearn Schellman's services and service line leadersAdhere to and complete all matters included in the Associate Score CardAccurately manage and report time worked to each project / initiativeComplying with Schellman’s code of ethics and professional conduct, methodologies, policies, and proceduresAdhering to the professional and regulatory standards relevant to assigned service line specialization(s)Promoting Schellman’s company culture and exemplifying Schellman's valuesEstablishing high quality relationships and rapport with client personnelManaging client expectations to ensure expectations are exceededCompleting assigned duties in a timely manner and with a high attention to detailCollaborating with fellow project team members in a productive and timely manner throughout the life cycle of each projectAdhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasksEscalating issues internally in a proper and timely mannerUsing discretion and decorum in the timing, form, and content of all client communicationsBooking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and proceduresPerforming the essential functions of other service delivery positions when qualified and called upon to do soAttending project kick-off and closing meetingsExecuting assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicableDrafting project deliverablesServing as a contact for clients' basic questions regarding an engagementParticipating in recruiting and candidate interview activitiesTraining project team membersAcclimating newer team members to SchellmanContributing to Schellman's practice development effortsDeveloping an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s)Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.)QualificationsBachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controlsAbility to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)Knowledge, Skills, and Abilities:Working knowledge of Schellman’s services, methodology, and relevant professional standardsRequisite knowledge of applicable technology and security domainsHigh level of attention to detail and quality of work productClient service orientedExcellent time management, organizational, and verbal and written communication skillsAbility to work on-site or remotely as a valuable contributor to a collaborative teamCapable of simultaneously managing assigned tasks for multiple projectsProficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman’s service delivery applicationsFull understanding and application of ethics, independence and Schellman’s values

Created: 2025-06-28