It Security Associate Jobs

AAFCPAs is an innovative and forward-thinking firm with a focus on automation. We have enjoyed primarily organic growth and continue our laser focus on sustained growth as an independent regional firm. We are considered an attractive alternative to the Big 4 and National CPA firms. We provide best-value assurance, tax, outsourced accounting, business consulting, information technology advisory solutions, and wealth management services to nonprofit organizations, commercial companies, wealthy individuals, and estates. AAFCPAs donates 10% of its net profits annually to nonprofit organizations. We have an active DE&I committee and have commitment and accountability to these efforts.

AAFCPAs is an independent member of PrimeGlobal, the fourth largest CPA firm association in the world with 300+ member firms in 80+ countries. This provides our clients with seamless national and global coverage, along with an advantageous pay-as-you-use model.

AAFCPAs is seeking a high-energy IT Security Associate who is fully competent, highly ethical, and driven to ensure a positive client experience for the firm’s distinct but integrated Business Process & IT Consulting Practice. This rapidly growing practice area of the firm strengthens the link between IT and finance for our clients, which reduces risk significantly and eases the technology burden. AAF’s Business Process & IT Consultants earn the role of trusted business advisor with solutions such as: internal controls, IT audits, technology risk assessments, IT strategy development, privacy assessment, data analytics, leveraging Cloud services, and outsourcing strategies.

The IT Security Associate will be responsible for assisting Managers in planning and managing engagements, conducting fieldwork, discussing findings and observations during client exit meetings, creating work papers, and preparing written audit reports. The position will also include client service assistance such as advice on internal control approaches, best practices and advising clients in solving critical business issues.

In this role, you will use various security tools to assist clients with identifying and making recommendations on existing vulnerabilities as well as assess infrastructure and systems for IT General Control (ITGC) assessments for clients of the firm. This position provides the opportunity to work with a variety of systems, from traditional office applications to sophisticated security systems, networking, web, and other technologies. It is a fast-paced environment that affords the right candidate unique opportunities and challenges while being exposed to a variety of technologies and applications.

RESPONSIBILITIES

IT Security Services

• Provide input into improving information security reporting and metrics.
• Document audit findings and formulate basic recommendations for improvement.
• Perform or assist with vulnerability scanning, penetration testing, and security assessments.
• Follow established standards to document workpapers in support of engagements.
• Review and update documentation for policies, procedures, standards, regulations, and guidelines.
• Verify adherence to policies, standard operating procedures, applicable regulations, and laws.
• Assist in the preparation of audit reports.
• Assist with engagements that assess the design and operating effectiveness of IT processes and controls to meet client objectives, including alignment with frameworks and compliance with laws and regulations.
• Participate in interviews of key control and process owners.
• Planning, research, and technical design for security solutions in support of strategic security plan.
• Assist with the maintenance and use of the information security tools and applications.

Audit Support

• IT Controls in support of SOC report assessment.
• IT General Controls (ITGCs) in support of financial statement audit.

SOX 404 Internal Audit for IT General Controls

• Strong computer skills including proficiency in Microsoft Office Suite applications, Windows, Active Directory, and Linux.
• Certifications: CISA/CISM, COMPTIA+ Security, CEH or CISSP are a plus.
• Knowledge in one or more of the following is a plus: Java, Python, XML, HTML, C#, Objective C, database design & development including SQL.
• Ability to work on multiple simultaneous projects; must be able to keep the information confidential.
• Excellent analytical, organizational, and project management skills.
• Working knowledge of cloud hosting providers (e.g. Microsoft, Google, Amazon, Oracle) is a plus, but not required.
• Basic knowledge of cybersecurity principles, tools (such as Qualys, Maltego, L0pht Crack, NMAP, Nessus, OpenVAS, Burp, sqlmap, Samurai, Metasploit, Yersinia), and appliances is a plus.
• Excellent verbal, written, and presentation skills.
• One to two years of IT Security experience in a similar practice or function with a reputable firm.
• Experience with exceptional client service and communication skills with a demonstrated ability to develop and maintain outstanding client relationships.
• Bachelor's degree in Information Technology, Computer Science, or a related field of study. Relevant work experience may be substituted for this requirement.

ATTRIBUTES

• Proactive, flexible and the ability to multi-task.
• Driven – wants to make a difference and contribute positively to our future success.
• Critical Thinking: the thoughtful process of analyzing data and problem solving data to reach a well-reasoned solution.
• Ability to present information clearly both internally and to clients.
• Honesty and Integrity – Displays the highest standards of and ethical conduct personally and professionally and contributes to maintaining the ethics and values of the firm. Accountability – accepts responsibility for starting, controlling, and concluding job tasks and assignments; accepts responsibility for behavior.
• Ability to exercise discretion and good judgment.
• Exceptionally well organized and detail-oriented.
• Ability to handle tight deadlines and multiple priorities.
• Proven time management and prioritization skills.
• Ability to maintain a good working relationship with coworkers and clients.

• Minimal travel is required.

• Competitive salary
• Flexible office location (Westborough, Wellesley, Boston)
• Generous PTO
• Comprehensive benefits package which includes subsidized medical and dental, 401(k) savings plan, life insurance, and short-term and long-term disability, plus more.

All your information will be kept confidential according to EEO guidelines.