IT Audit, Risk and Cybersecurity - Senior Associate

Job Description

As Cohn Reznick grows, so do our career opportunities. As one of the nation’s top professional services firms, Cohn Reznick creates rewarding careers in advisory, assurance, and tax with team members who value innovation and collaboration in everything they do!

We currently have an exciting career opportunity for a Senior Associate to join the IT Audit and Cybersecurity (CMMC) team in our Risk Advisory practice.

Cohn Reznick is a hybrid firm and most of our professionals are located within a commutable distance to one of our offices. This position is considered hybrid which means team members are expected to be thoughtful and intentional in how they create opportunities for in‑person collaboration. While the cadence of in‑office presence is determined at the team level, our professionals are encouraged to be in the office/together in person on average 3 days a week.

Join a diverse team of fun‑loving, energetic professionals with decades of experience managing security, technology, and privacy risks in nearly every industry sector who have a passion for creating tailored solutions that go beyond technology offerings or tools and help clients reduce cost of compliance while mitigating risks.

At Cohn Reznick, we’re united by a common mission to create opportunity, value, and trust for our clients, our people, and our communities. Whether it’s working alongside your peers to solve a client challenge, or volunteering together at the local food bank, there are so many ways to find your “why” at the firm.

We believe it’s important to balance work with everyday life – and make time for enjoyment and fun. We invest in a robust Total Rewards package that includes everything from generous PTO, a flexible work environment, expanded parental leave, extensive learning & development, and even paid time off for employees to volunteer.

The Senior Consultant will support and lead the execution of IT audit, IT risk management, and cybersecurity assessment engagements for a diverse client base, including organizations subject to regulatory, contractual, and federal cybersecurity requirements. This role will play a key part in performing risk‑based IT audits, cyber maturity and compliance assessments, and advisory services.

The Senior Consultant is expected to work independently on assigned areas, contribute to client deliverables, mentor junior staff, and collaborate closely with Managers and Partners to deliver high‑quality, practical solutions.

• Execute and support risk‑based IT audits and IT risk assessments, including evaluation of IT general controls (ITGCs), automated application controls, and key technology‑enabled business processes.
• Assess control design and operating effectiveness across domains such as access management, change management, system development lifecycle (SDLC), incident response, and vendor management. Support SOX‑relevant IT controls testing, internal audit co‑sourcing, and other compliance‑driven engagements as applicable.
• Identify control gaps, assess risk impact, and develop clear, actionable recommendations for remediation.

• Perform cybersecurity assessments and readiness reviews aligned to CMMC, NIST SP 800‑171, NIST CSF, ISO
  27001, and other recognized frameworks.
• Support or lead CMMC gap assessments, readiness assessments, and advisory activities for organizations in the Defense Industrial Base (DIB).
• Assist in evidence collection, validation, and analysis for cybersecurity and compliance assessments.
• Contribute to development of client deliverables, including assessment reports, risk summaries, and management presentations.

• Serve as a day‑to‑day engagement team member, managing assigned work streams and coordinating with team members and client stakeholders.
• Simultaneously serve multiple engagements while maintaining high quality standards.
• Work with clients in a broad array of industries including information technology, financial services, retail & consumer products, pharmaceuticals, electronics,…