Risk Advisory (Associate - Consultant)– Remote (Mexico)

About us: At Echelon Risk + Cyber, we believe in defending the basic human right to security and privacy. We are looking for an exceptional Risk Advisory Associate to support the execution of Risk Advisory client engagements. This includes leading and executing relevant tasks, as well as assisting in developing service deliverables and internal processes that will drive value for the team and clients.

Our next team member will be authentic, articulate, and passionate about Cybersecurity, and will be unafraid to roll up their sleeves and dive deep into the unknowns, using their security expertise to identify opportunities to increase Echelon Risk + Cyber's overall capabilities internally and for our clients.

At Echelon, you will have the opportunity to work with systems at the cutting edge of technology. We allow our employees to build from the ground up and make an impact across the organization. We look for driven, proactive people eager to contribute to a distinct and thriving Cybersecurity services organization that can adapt to a rapidly changing environment.

This is a remote position from anywhere in Mexico.

• Assist in the planning, development, execution, and reporting of cybersecurity risk and maturity assessments against frameworks such as NIST CSF, SOC 2, PCI and CMMC.
• Collaborate with IT management and client leadership to develop roadmaps to enhance client maturity.
• Develop and maintain Cybersecurity policies and procedures.
• Review and assess security and technology controls against cybersecurity best practices and compliance frameworks.
• Collaborate with clients to develop Incident Response Plans, Incident Response Playbooks, and Tabletop Exercises tailored to each client's environment and needs.
• Document results, create client reports, and communicate results to client management and other stakeholders.
• Work collaboratively with our clients and other team members to identify information security risks and challenges and provide actionable recommendations and solutions.
• Demonstrate consistency, versatility, and adaptability while managing simultaneous client engagements and priorities and delivering quality results in a timely fashion.
• Work with the internal team to develop and plan engagement strategies, define objectives, identify and provide recommendations to address client risks.
• Create client-facing presentations, reports, and analytics.
• Develop long-term roadmaps to assist clients in reaching their desired maturity level.
• Perform business impact analyses and develop Business Continuity Plans and Disaster Recovery Plans.
• Assist leadership in the creation of proposals, budgets, work plans, and other business development efforts.
• Establish exceptional internal and client relationships using strong communication skills.
• Produce thought leadership for the organization's website blog on a regular basis.
• Actively engage in the cybersecurity community by attending or speaking at local or national conferences.

• 2+ years of related professional services consulting experience in the cybersecurity industry.
• Focus on Governance, Risk, and Compliance planning, development, and management.
• Knowledge of GRC Platforms/Tools to assist with Assessments and Compliance Management.
• Risk management experience, including performing assessments and audits, designing information security controls and processes, and evaluating and prioritizing risk.
• Experience with a variety of information security frameworks and best practices (e.g., CIS, NIST, PCI, CMMC, ISO, GLBA, FFIEC, SOX, SOC, HIPAA, HITRUST, etc.).
• Experience with incident response, business continuity, and disaster recovery planning is preferred.
• Project Management experience preferred.
• Certifications recommended: CISSP, CISA, CISM, or similar certification.
• Ability to manage and prioritize multiple projects simultaneously and adapt in a demanding and changing environment.
• Although this is not a technically oriented role, knowledge of Cloud systems, applications, security services/tools (e.g., EDR, MDR, SIEM, Vulnerability Scanning, Email Security, Backup/DR, MDM), Firewalls, Basic Networking, Data Security, IAM/SSO, etc., will be beneficial in an advisory capacity.
• Displays intellectual curiosity by seeking opportunities to develop and demonstrating a willingness to learn.
• Strong attention to detail and superior analytical, technical, and problem-solving skills.
• Excellent verbal and written communication skills with experience crafting professional messages and adjusting communication style based on audience.
• Preferred experience working with financial services, healthcare, or regulated industries.
• Authorized to work in Mexico.

• Bachelor's Degree or equivalent in a relevant IT or Cybersecurity major.
• Big Four consulting, or similar, GRC experience in a client-facing role.

We are committed to creating an inclusive environment for our team with unquestioned integrity. If you have a special need that requires accommodation, please let your recruiter know. One of our core values is "People with Personality" and we want to allow you the space to bring your full self to work.

• Access to private medical insurance through MetLife.
• Life insurance policy via MetLife.
• 30-day Christmas bonus and a monthly technology stipend.
• Contribution of 8% of the employee's salary to a savings fund.
• Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to.
• Family-friendly benefits, including 16 weeks off for maternity leave, 8 weeks off for non-birthing parent leave, and employer-paid short-term and long-term disability.
• Support for individual development through certifications, continued learning, conferences, and more.

We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.