
Senior Consultant
Full-Time
In-Person, Remote, Hybrid
Description
We are seeking a highly motivated and experienced Senior Consultant to support and execute IT Audit, Risk, and Advisory engagements. This role is hands-on and detail-focused, involving direct testing of security and IT controls, documentation of results, and development of practical recommendations for clients in regulated industries.
Responsibilities include evaluating the design and operating effectiveness of technical and procedural controls, supporting IT risk assessments, performing Microsoft 365 security and configuration reviews, executing NIST CSF and CMMC readiness assessments, and drafting clear, actionable findings and observations. The role requires strong analytical thinking, professional communication skills, and the ability to deliver high-quality work across multiple concurrent projects in dynamic client environments.
Requirements
- 5+ years of professional experience in IT audit, cybersecurity consulting, or related information risk management or technology roles
- Hands-on experience implementing or assessing against industry frameworks such as NIST CSF, CMMC, CIS Controls, PCI, or HIPAA
- Demonstrated experience leading or supporting incident response activities, including coordination, documentation, and post-incident review
- Experience conducting NIST CSF assessments with maturity ratings and actionable output
- Experience delivering vCISO advisory services, including policy development, control gap assessments, or risk governance activities
- Experience with Microsoft 365 configuration and security reviews, including tenant-level security posture evaluations
- Strong experience performing IT audit or cybersecurity assessments, with an ability to work independently and within a team
- Excellent written and verbal communication skills, including the ability to present findings to both technical and non-technical audiences
- Proficiency in Microsoft Office tools (Excel, Word, PowerPoint)
Nice to Have (But Not Necessary)
- Relevant certifications such as CISSP, CISA, Security+, CCA, or CCP (preferred, or willingness to obtain within 12 months)
- Experience with tools such as Microsoft Secure Score, Defender, Purview, or Compliance Center
- Familiarity with GRC platforms or automated assessment tools
- Experience with vendor risk assessments, data classification, or incident response planning
- Prior consulting experience in regulated industries such as banking, healthcare, or manufacturing