Senior Consultant - Cyber Security

About The Position

Requirements

• Federal Reserve Board (FRB) / SR 11-7 model risk, SR 20-24 and SR 21-14 cyber and operational resilience guidance, MRAs and MRIAs.
• OCC Heightened Standards (12 CFR Part 30, Appendix D) and OCC cyber risk expectations.
• NY DFS Part 500 — including the 2023 amendments: CISO reporting to the Board, governance, 72-hour incident notification, ransomware payment notification, asset inventory, MFA, encryption, and Class A company requirements.
• FFIEC Cybersecurity Assessment Tool, IT Examination Handbook (Information Security, Business Continuity, Operations).
• SEC Cybersecurity Disclosure Rules (Regulation S-K Item 106, Form 8-K Item 1.05) and Reg S-P amendments.
• NIST CSF 2.0, NIST 800-53, NIST 800-171; ISO/IEC 27001/27002; CIS Controls.
• Incident Management: Hands-on experience leading or coordinating IR for ransomware, business email compromise, third-party breach, insider, and nation-state events.
• Working knowledge of NIST SP 800-61, MITRE ATT&CK, and the practical mechanics of containment, eradication, and recovery in complex enterprise environments.
• Comfort coordinating across legal, privacy, communications, forensics (Mandiant, CrowdStrike, Kroll, Unit 42), insurance, and regulators under time pressure.
• Experience drafting and defending incident notifications and regulator communications under NY DFS Part 500, SEC 8-K Item 1.05, GDPR, and state breach laws.
• Vulnerability Remediation & Patch Management: Demonstrated experience designing or remediating enterprise VM programs: scanning coverage, risk scoring (CVSS, EPSS, KEV), SLA design, exception governance, and metrics.
• Operational familiarity with Qualys, Tenable (Nessus / Tenable.io / Tenable.sc), Rapid7 InsightVM, Wiz, Microsoft Defender for Cloud, and ServiceNow Vulnerability Response.
• Patch management at scale across Windows, Linux, network, container, and cloud workloads — including the political work of getting business units to actually patch.
• Identity & Access Management (IAM): Strong grasp of IAM domains: identity governance and administration (IGA), privileged access management (PAM), authentication and federation, joiner-mover-leaver, access certification, and SoD.
• Working experience with at least two of: SailPoint, Saviynt, Okta, Azure AD / Entra ID, Ping, CyberArk, BeyondTrust, Delinea.
• Practical experience reducing standing privilege, designing role models, and remediating common findings (orphaned accounts, toxic combinations, shared service accounts, weak recertification).

Nice To Haves

• SOX ITGC, PCI DSS 4.0, GLBA Safeguards Rule, and SOC 1/SOC 2 attestation work

Responsibilities

• Lead regulatory remediation programs. Translate MRAs, MRIAs, Matters Requiring Attention, Consent Orders, and 500.17 (NY DFS) cybersecurity event notifications into prioritized remediation plans with defensible milestones, evidence requirements, and validation criteria.
• Run point with examiners and internal audit. Prepare clients for FRB, OCC, FDIC, NY DFS, SEC, and FFIEC exams and continuous-monitoring touchpoints. Draft response letters, walkthroughs, and evidence packages. Defend the work.
• Drive technical remediation, not just documentation. Partner with client CISO, IT Risk, Infrastructure, and IAM teams to actually close findings — not just status-report them. Push for engineering outcomes, not slideware.
• Run cyber incident response engagements. Lead or co-lead client-side IR for material events: containment strategy, forensic coordination, regulator and law-enforcement notification timing, executive and board communications, and post-incident remediation.
• Strengthen vulnerability and patch management programs. Assess current-state VM/patch operations, design risk-based SLAs, build exception governance, and operationalize tooling (Qualys, Tenable, Rapid7, Wiz, ServiceNow VR) so remediation actually happens at SLA.
• Lead IAM remediation workstreams. Drive privileged access management, joiner-mover-leaver, recertification, segregation-of-duties, and identity governance improvements. Reduce standing privilege and clean up the access debt regulators flag.
• Coach the team. Mentor analysts and consultants. Review their deliverables. Raise the bar on what “good” looks like in a remediation deliverable.
• Grow the practice. Contribute to proposals, thought leadership, and methodology assets. Identify follow-on work with existing clients.

Benefits

• We are committed to diversity in the workplace. We are an inclusive employer and welcome and encourage applications from all qualified candidates. Applicants’ needs will be accommodated during our recruitment and selection process so please advise us if you require accommodation.