Our people are core to everything we do - the catalyst behind our ability to create exceptional impact and extraordinary results.
We believe in flexibility. We focus on relationships. We encourage each individual to follow their own path. And we seek feedback openly, from all.
People matter here and they feel it.
And we value curiosity. Curious is more than a personality trait. It's a way of thinking. Of learning. Of working.
There's purpose in this wonder. It makes us better. It makes us Wipfli.
If you want to be in an environment where you can make a difference - and make a professional home - Wipfli is the place for you.
Check out our Glassdoor Reviews to hear what people are saying about employment at Wipfli!
Assist, execute and lead security and risk consulting engagements:
- Perform consulting engagements with our clients using proven methodologies that include identifying client capabilities, executing assessments, identifying gaps between standard protocols and client given state, and identifying and consulting on recommendations to mitigate risk and implement recommendations.
- Perform assessments, develop written reports and other deliverables, and present results to clients.
- Manage scope, budget and timeframes for completion of engagements.
- Provide engagement support to clients, coordinate across multiple projects, interface and manage expectations and delivery of services with clients.
- Oversee and mentor junior consultants and ensure their work is in line with engagement and client requirements.
- Assist clients with improving their cybersecurity risk by communicating results of assessments in terms of business impact and assist clients with identifying and understanding remediation actions required to reduce risk.
- Be an advocate and resource for clients for cybersecurity topics.
Assist with business development:
- Work with clients to understand and define business and technology needs and requirements, provide subject matter expertise to answer client's questions and concerns, and identify and align services with client's needs.
- Define service scope, develop statements of work, identify resource requirements, assumptions, and estimates and assist in development of engagement letters.
- Identify client's security and technology needs and identify business development opportunities as outcomes of assessment activities.
Develop and maintain competence and thought leadership in information and cybersecurity:
- Participate in the Continuing Professional Education program, essential to competence and continued professional growth, including obtaining and maintaining appropriate certifications in their areas of expertise.
- Stays abreast of current cyber security trends and threats to ensure that solutions provided to clients are applicable.
- Assist in ongoing research and development, review and improvement of cybersecurity consulting services and deliverables.
- Mentor other team members on subject matter expertise.
Day to Day Responsibilities
Lead or participate on engagements that perform information and cyber security risk assessments and deliver reports with results, gaps, findings and recommendations, to include assessments for:
- CMMC NIST DFARS and 800-171
- Cybersecurity Health Checks
- FFIEC Cybersecurity (CAT) and NCUA ACET
- NIST Cybersecurity Framework (CSF)
- Microsoft Security technologies
- Information security program
Assist clients with the implementation of their information security programs including development and consulting assistance with:
- Information security initiatives, plans, roadmaps and plan of actions and milestones (POAMs).
- Written information security program and policy documentation
- Program governance, roles and responsibilities, management oversight
- Vendor and third party risk management program support and due diligence
- Business continuity and incident response plans
- Key performance indicators, metrics, security dashboards and
- Security awareness training
Provide security analyst and consulting services to clients including:
- Assessing, identifying requirements for, and making recommendations on security technologies
- Program and project management
- Security business analysis
- Bachelor's degree in Information Security, Information Technology or related discipline
- 7-10 years related experience and/or training; or equivalent combination of education and experience in similar role
- Record of success and hands on experience with security risk management disciplines, including cybersecurity assessments, security program governance, IR Risk Management, business continuity, incident response, vendor management, and security testing services
- Functional understanding of IT infrastructure and components
- Demonstrated experience with risk management frameworks, including:
- Cybersecurity Maturity Model Certification (CMMC)
- NIST CSF, NIST 800-53, NIST 800-171, DFARS, ITAR
- Financial Industry frameworks including FFIEC, NCUA, CAT, ACET
- Payment Card Industry Data Security Standards (PCI/DSS)
- Demonstrated security and risk knowledge through attainment of industry security certifications desired, such as, CISSP, CRISC, CISM, CISA and CBCP
- Prior experience in a consultant role
- Ability to communicate and present to all levels of client personnel
- A high level of initiative, strong written and verbal communication skills and business acumen oriented around small to middle market companies
- Strong organizational skills in coordinating multiple projects/tasks simultaneously, and meeting deadlines
- Great attention to detail and problem solving skills
- Proficient in productivity and security tool sets, including Microsoft BI, Teams, SharePoint, Word, Excel, O365, GRC and Risk Management toolsets and CRM
Wipfli is an equal opportunity/affirmative action employer. All candidates will receive consideration for employment without regards to race, creed, color, religion, national origin, sex, age, marital status, sexual orientation, gender identify, citizenship status, veteran status, disability, or any other characteristics protected by federal, state, or local laws. #LI-SC1