Senior Associate/Cybersecurity Consultant Due Diligence Advisory; Forensic Services practice
Listed on 2026-07-18
-
IT/Tech
Cybersecurity, Information Security
Senior Associate/Cybersecurity Consultant Due Diligence Advisory (Forensic Services Practice)
CRA is seeking a Cybersecurity Consultant (Assessments / Due Diligence / Advisory) to support client engagements focused on evaluating and managing cybersecurity risk. In this role, you will lead and participate in client-facing assessments, including interviews, workshops, and executive readouts, while operating with a high degree of independence and confidence.
You will be responsible for translating client discussions into clearly defined engagement scopes and Statements of Work (SOWs), aligning deliverables with frameworks such as the NIST CSF and transaction-specific objectives. This includes the ability to assess cybersecurity posture in transaction and investment contexts, distinguish material risks from broader program maturity gaps, and tailor findings to the needs of private equity, legal, and executive stakeholders.
The role includes executing cyber due diligence and proactive security assessments through documentation review, stakeholder interviews, and control evaluation. The role may also support incident readiness reviews, tabletop exercises, and broader cyber resilience assessments to help clients evaluate preparedness, decision-making, and recovery capabilities before or after a cyber event. The role will also work closely with CRA's incident response team to identify recurring risk themes and control gaps from active and recently closed matters, and help translate those observations into follow-on proactive engagements including gap assessments, tabletop exercises, resilience reviews, and broader security uplift efforts.
This position requires producing high-quality, client-ready reports that include prioritized findings, risk-based recommendations, and executive-level summaries. You will also support senior team members in proposal development and business development efforts, while bridging technical cybersecurity findings into clear business risk narratives for legal, private equity, and executive audiences. You will also contribute to the development of repeatable assessment methodologies, templates, and client-facing deliverables across CRA's proactive cybersecurity service offerings.
The ideal candidate demonstrates a strong advisory mindset, the ability to independently manage client conversations, and the capability to connect multiple cybersecurity domains—including identity and access management, endpoint security, vulnerability management, backup and recovery, email security, and asset management—into a cohesive and defensible security program assessment. The ideal candidate should also be able to translate technical observations into clear business, legal, and transaction-oriented risk narratives for executive and client stakeholders.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).