Senior Associate/Cybersecurity Consultant Due Diligence Advisory (Forensic Services practice)

Charles River AssociatesWashington, DC
$130,000 - $152,500Hybrid

About The Position

Charles River Associates (CRA) is seeking a Cybersecurity Consultant to join their Forensic Services practice, specifically within the Due Diligence Advisory team. This role focuses on evaluating and managing cybersecurity risk for clients, involving client-facing assessments, interviews, workshops, and executive readouts. The consultant will be responsible for defining engagement scopes and Statements of Work (SOWs), aligning deliverables with frameworks like NIST CSF, and assessing cybersecurity posture in transaction and investment contexts. Key responsibilities include distinguishing material risks, tailoring findings for private equity, legal, and executive stakeholders, executing cyber due diligence through documentation review and control evaluation, and supporting incident readiness reviews and broader cyber resilience assessments. The role also involves collaborating with CRA’s incident response team to identify risk themes and translate observations into proactive engagements. The position requires producing high-quality, client-ready reports with prioritized findings and recommendations, supporting proposal development, and bridging technical cybersecurity findings into business risk narratives. The ideal candidate will have a strong advisory mindset, client management skills, and the ability to connect various cybersecurity domains into a cohesive assessment.

Requirements

  • Approximately 5–7 years of experience in cybersecurity consulting, advisory, or due diligence.
  • Comfortable leading discussions with CIOs, IT Directors, and legal stakeholders.
  • Strong ability to guide conversations, ask structured questions, and manage meetings effectively.
  • Excellent executive communication skills with clear, concise, and unambiguous delivery.
  • Experience drafting or contributing to Statements of Work (SOWs), engagement letters, and proposals.
  • Ability to translate loosely defined client needs into structured deliverables and timelines.
  • Strong commercial awareness, including understanding scope boundaries and identifying opportunities to expand engagements.
  • Ability to tailor scopes and findings to transaction, diligence, or investment-focused objectives, including identifying issues that are likely to be material to legal, private equity, or executive decision-makers.
  • Impeccable written communication skills, including grammar, structure, and formatting.
  • Ability to produce logically consistent, defensible findings and recommendations.
  • Experience delivering polished, client-ready cybersecurity risk reports.
  • Ability to prioritize findings based on business impact, articulate critical versus lower-priority issues, and develop executive-ready narratives that support practical decision-making.
  • Strong working knowledge of NIST Cybersecurity Framework (primary).
  • Knowledge of supporting frameworks such as CIS Benchmarks, ISO 27001, SOC 2 Type II, HIPAA, and HITRUST.
  • Ability to map controls, identify gaps, and translate findings into business risk and impact.
  • Ability to evaluate how controls operate together across governance, identity, endpoint, cloud, recovery, and monitoring layers as part of a broader security program or resilience assessment.
  • Broad understanding of core cybersecurity domains, including: Identity & Access Management (e.g., Active Directory, Entra ID), Endpoint security (e.g., EDR/MDR solutions such as CrowdStrike), Vulnerability management tools (e.g., Tenable, Qualys), Backup and recovery strategies (RTO/RPO, immutability), Email security (phishing protection, DMARC, MFA), Asset inventory, device management, and patch lifecycle practices.
  • Comfort reviewing supporting documentation such as security policies and standards, architecture diagrams, control evidence, recovery procedures, and technical configurations in order to assess design and operating effectiveness.
  • Ability to connect these domains into a comprehensive security program narrative.
  • Strong organizational and time management skills, with the ability to manage multiple workstreams simultaneously.
  • High level of ownership, attention to detail, and ability to deliver work independently with minimal oversight.
  • Ability to help develop reusable assessment content, templates, and client-ready materials that support scalable proactive service delivery across multiple engagement types.

Nice To Haves

  • Experience supporting cyber resilience assessments, incident readiness reviews, tabletop exercises, or related preparedness-focused engagements.
  • Experience collaborating with incident response, forensic, or crisis management teams to translate post-incident observations into proactive assessment, readiness, or remediation-focused engagements.
  • Exposure to tools such as CrowdStrike, Tanium, Microsoft 365, Azure/Entra ID, and AWS.
  • Ability to evaluate and interpret tooling deployment, configuration, and coverage in an advisory context rather than operate as a dedicated implementation engineer.
  • Certifications such as CISSP, CISM, CISA, PMP, or similar.

Responsibilities

  • Lead and participate in client-facing assessments, including interviews, workshops, and executive readouts.
  • Translate client discussions into clearly defined engagement scopes and Statements of Work (SOWs).
  • Assess cybersecurity posture in transaction and investment contexts.
  • Distinguish material risks from broader program maturity gaps.
  • Tailor findings to the needs of private equity, legal, and executive stakeholders.
  • Execute cyber due diligence and proactive security assessments through documentation review, stakeholder interviews, and control evaluation.
  • Support incident readiness reviews, tabletop exercises, and broader cyber resilience assessments.
  • Collaborate with CRA’s incident response team to identify recurring risk themes and control gaps.
  • Produce high-quality, client-ready reports that include prioritized findings, risk-based recommendations, and executive-level summaries.
  • Support senior team members in proposal development and business development efforts.
  • Bridge technical cybersecurity findings into clear business risk narratives for legal, private equity, and executive audiences.
  • Contribute to the development of repeatable assessment methodologies, templates, and client-facing deliverables.

Benefits

  • Medical insurance
  • Dental insurance
  • Vision insurance
  • 401(k) retirement plan with employer match
  • Life insurance
  • Disability insurance
  • Paid time off (vacation, sick leave, holidays)
  • Paid parental leave
  • Wellness programs
  • Employee assistance resources
  • Commuter benefits
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service