We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, inclusive culture and talent experience and our ability to be compelling to our clients. You’ll find an environment that inspires and empowers you to thrive both personally and professionally. There’s no one like you and that’s why there’s nowhere like RSM.

We are currently looking for team members to join our Cyber Risk and Data Protection practice. The candidate will work with teams of cybersecurity and privacy staff in a wide variety of systems environments. Our Cyber Risk and Data Protection team serves the cybersecurity and data protection related needs of our clients. This team helps organizations identify their cyber risk, and design and implement program to address those risks and improve their cyber security posture. We serve a diverse base of clients in a variety of industries, and understanding how technology impacts the operation and growth of organizations is what we do best.

Responsibilities:

• Oversee the delivery and management of diverse cybersecurity engagements including the strategic assessment, roadmap development, and coordination of projects that improve cyber program maturity across a variety of cyber disciplines.
• Manage and expand key client accounts and relationships to drive the transformation of clients' operational resilience and cybersecurity agendas
• Communicate effectively with client management and project leaders to build and maintain strong client relationships
• Conduct cybersecurity governance and compliance assessments against various regulatory and industry standards, including but not limited to the NIST CSF, ISO 22301, HIPAA/HITECH, HITRUST CSF, Privacy, FFIEC, FINRA, DORA, NIST SP 800-53 and/or Cyber Resilience
• Design and implement cybersecurity controls that address risk and unify requirements across multiple cybersecurity frameworks
• Assist clients in designing and implementing cybersecurity remediation strategies to enhance the overall maturity of their cybersecurity programs by identifying suitable technologies, policies, and organizational structures
• Clearly articulate findings, observations and recommendations to senior management and clients, both in writing and verbally
• Develop target operating models for cyber security programs including budgets, resource levels, reporting structure, etc
• Advise clients on security budget allocation and resource planning (human and technical) to ensure the security program is sustainably supported and scalable
• Lead the development and ongoing management of multi-year security roadmaps, ensuring tactical projects remain prioritized and aligned with long-term strategic maturity goals 

Required Qualifications:

• 5 - 8 years of experience:
  • Building, leading and developing high performing teams
  • Supporting or operating as a virtual CISO for mid-market clients, providing consistent leadership and oversight of their cybersecurity programs.
  • Mentoring and influencing others both internally and within client organizations
  • Managing client work and drive client communications with limited oversight from RSM Senior Leadership
  • Managing budgets and resource allocation including, but not limited to program and project management
  • Oversee security projects from inception to completion, ensuring they are delivered on time and within budget
  • Monitor project progress, identify potential roadblocks, and implement corrective actions to ensure timely delivery
  • Executing cyber program assessments including risk assessments and control maturity assessments against frameworks such as NIST or CIS
  • Developing prioritized observations as well as developing and communicating strategic roadmaps to enable an organization’s incremental maturity of their cybersecurity posture
• High degree of integrity and confidentiality, as well as ability to adhere to company policies and best practices
• Demonstrated ability to perform quantitative and qualitative analysis of security data
• Basic knowledge of common compliance requirements (e.g., NIST, ISO, CIS, GDPR, CCPA, PCI, HIPPA, HITRUST, DFARS, CMMC, etc.)
• Passion for cybersecurity and ability to self-direct and teach themselves about new and emerging cybersecurity concepts.
• Excellent written and verbal communication skills, with a focus on translating technical requirements for business stakeholders.
• Ability to manage and prioritize multiple tasks in a fast-paced environment, particularly in support of cybersecurity project lifecycles.
• Willingness to travel up to 30% to client sites for various engagements. 
• Strong interpersonal skills with a proven track record in a professional services firm, large consultancy, or similar environment. 
• Demonstrated ability to collaborate effectively, especially with cross-functional teams. 

 Preferred Qualifications:

• Proficiency in Microsoft suite of tools including Excel, OneNote, etc. is desired
• Understanding of secure cloud architecture and design as well as certifications in solutions such as AWS or Azure
• Practical hands-on experience with IT infrastructure components such as servers, firewalls, IDS systems and other network infrastructure components
• Practical hands-on experience with security tools, such as vulnerability scanning solutions, SIEM, EDR, GRC, SOAR, etc.
• Practical hands-on experience with digital identity tools such as Okta, SailPoint, Saviynt, or Microsoft
• Experience using data visualization tools (e.g., Power BI, Tableau) to create meaningful security metrics
• One or more security focused certifications: Certified Information Systems Security Professionals® (CISSP®); Certified Information Systems Auditor® (CISA®); Certified Information Security Manager® (CISM®), etc.
• One or more project management certifications: Certified Associate in Project Management (CAPM) or Project Management Professional (PMP)
• Certifications in business continuity, such as CBCP, ACBP or cybersecurity, such as CISSP, CISM, or CISA. 

At RSM, we offer a competitive benefits and compensation package for all our people. We offer flexibility in your schedule, empowering you to balance life’s demands, while also maintaining your ability to serve clients. Learn more about our total rewards at https://rsmcanada.com/careers/life-at-rsm/rewards-and-benefits.html.

RSM does not tolerate discrimination and/or harassment based on race; colour; creed; sincerely held religious beliefs, practices or observances; sex (including pregnancy or disabilities related to nursing); gender (including gender identity and/or gender expression); sexual orientation; national origin; ancestry; familial or marital status; age; physical or mental disability; citizenship; political affiliation; medical condition (including family and medical leave); domestic violence victim status; past, current or prospective service in the Canadian uniformed service; Canadian Military/Veteran status; pre-disposing genetic characteristics or any other characteristic protected under applicable provincial employment legislation.   

Accommodation for applicants with disabilities is available upon request in connection with the recruitment process and/or employment/partnership. RSM is committed to providing equal opportunity and reasonable accommodation for people with disabilities. If you require a reasonable accommodation to complete an application, interview, or otherwise participate in the recruiting process, please call us at 800-274-3978 or send us an email at [email protected].

At RSM, an employee’s pay at any point in their career is intended to reflect their experiences, performance, and skills for their current role. The salary range (or starting rate for interns and associates) for this role represents numerous factors considered in the hiring decisions including, but not limited to, education, skills, work experience, certifications, location, etc. As such, pay for the successful candidate(s) could fall anywhere within the stated range.