The Bonadio Group

ERM Principal Consultant: Cyber Security and Compliance

US-NY-Pittsford | US-NY-Syracuse | US-NY-Albany | US-NY-New York
IT Audit/Risk Management


We have a tremendous opportunity for a Principal Consultant, a senior-level client service professional, to work as a Cybersecurity and Compliance Consultant on the Enterprise Risk Management (ERM) team. A qualified candidate could have a home office in any of our locations, including Buffalo, Rochester, Syracuse, Albany, and NYC. This hands-on role involves technical cybersecurity and other risk assessments across a diverse set of clients in all vertical markets, including healthcare, banking, credit unions, government, labor, and retail, in both private and public organizations. A qualified applicant would have a demonstrable consulting background in cybersecurity and risk assessment/management, along with a strong understanding of technical infrastructure, operations, and management.


Responsibilities:

  • Perform a range of cybersecurity assessments, penetration testing management, risk and regulatory compliance assessments, technical audits, and regulatory gap analyses
  • Provide focused and required remediation and mitigation for organizations with 15 to 100,000 employees across our key vertical markets
  • Actively lead projects and perform work in the areas of HIPAA/HITECH, FISMA, HITRUST, GLBA, ISO 27001, NIST SP 800-53 and the NIST Cybersecurity Framework, PCI DSS, OWASP, CIS, SSAE 18 SOC 2, and multiple state and international data security laws and regulations
  • Communicate with project stakeholders to effectively convey the requirements of technical and process improvements
  • Develop customized policies, procedures and controls, disaster recovery plans, and technical documentation for applications, systems, and infrastructure
  • Possess in-depth knowledge of cybersecurity and the various frameworks (e.g., COBIT, NIST, ISO, HITRUST, PCI)
  • Manage policy exceptions, including working directly with the teams to document exceptions, identify compensating controls, and define remediation action plans


Qualifications:

  • Must hold at least one security, risk, or IT audit certification: CISSP, CISM, and/or CISA.
  • Additional preferred certifications include: CCSFP, ISO 27001 Lead Auditor, PCI QSA, PCI ISA, CRISC, CEH, GCIH, GWAPT, GPEN, GCFE
  • A CPA or CCSFP in addition to any of the above qualifications is desirable
  • Detailed understanding of compliance activities in healthcare, banking, retail, and B2C environments, including regulatory, privacy, international law, and statutory requirements.
  • Risk assessment and mitigation: cybersecurity, risk frameworks, maturity models, and enterprise IT security risk methodologies.
  • Governance and risk control in vendor management, policy frameworks, control design, and security design/architecture.
  • Deep understanding of security architecture: infrastructure, network, and systems design.
  • Knowledge of and hands-on experience with NIST, HIPAA, FISMA, FERPA, GLBA, ISO 27001/27002, and PCI audits and PCI attestations.



  • Communicate effectively across business and technical boundaries.
  • Work independently without detailed guidance.
  • Be proficient in writing executive-level reports and technical documentation.
  • An ideal candidate would have, but is not required to have, a CPA, HITRUST, and/or QSA credential.
  • Travel to client locations is required.

Education and Experience:

  • Minimum of an Associate's degree (AS); a BS degree is a plus.
  • Minimum of 5 to 10 years of experience in cybersecurity consulting or the information assurance, enterprise risk, or compliance field.


  • Our office hours are 8:00 a.m. to 5:00 p.m.
  • Our summer hours are 8:00 a.m. to 5:00 p.m. Monday through Thursday, and 8:00 a.m. to noon on Friday.
  • The ability to work additional hours during busy season is critical; for the rest of the year, flexibility is key.

In the fast-changing accounting industry, The Bonadio Group is always on the cutting edge of growth and innovation. Top-rated employee policies keep our workforce energized and advancing, and because of our many teams and specialty services, we offer more paths to partnership, including non-traditional arrangements. Add to that our robust training and mentoring programs, and the opportunities for growth really add up. Truly, at Bonadio, your trajectory is limitless. We are the nation’s 38th largest CPA and consulting firm, and the biggest in Upstate New York. Get on board, grow with us, and find your path to partnership. Apply today!


We are an Equal Opportunity/Affirmative Action Employer

