ABOUT US

Salus GRC is a next generation Governance, Risk and Compliance (“GRC”) advisory firm.  We provide Cybersecurity and Regulatory Compliance consulting services for investment firms such as hedge funds, private equity firms and other investment advisers.  We are a team of experienced entrepreneurs and practitioners committed to building a people-centric business that sets a new standard for excellence in our industry.

JOB DESCRIPTION

Salus GRC is seeking a Senior Associate for its Cybersecurity team who will assist our clients in designing, implementing and maintaining their cybersecurity programs.  The ideal candidate will have an enthusiasm for gaining a comprehensive understanding of cybersecurity best practices and compliance frameworks, particularly as they apply to the investment industry.

WORK ENVIRONMENT

Salus GRC is committed to attracting and retaining the best talent possible throughout the U.S.  Most of our cyber team works remotely but for people who prefer to work in an office, we have a location in midtown Manhattan.

KEY RESPONSIBILITIES

The Senior Associate will work closely with our cybersecurity consulting and engineering teams, our clients and their IT teams on the following:

• Cybersecurity Program Oversight: Proactively manage assigned client relationships and projects with senior Salus GRC team members, including providing expert advice and an excellent client experience.
• Risk Assessments: Conduct risk assessments and prepare detailed reports highlighting clients’ cybersecurity risks and proposed recommendations.
• Service Provider Due Diligence: Conduct cybersecurity due diligence on service providers, portfolio companies and others.
• Policy Development: Develop written information security policies and procedures, incident response plans and business continuity plans.
• Training and Education: Manage cybersecurity training programs and phishing tests.
• Vulnerability Management: Conduct and analyze vulnerability and external attack surface assessments.
• Penetration Testing: Assist with external, internal and web application penetration tests.
• Cloud Security Assessments: Candidates with a background in Microsoft 365 or other cloud platforms will have the opportunity to assist with cloud security assessments.
• Advice and Guidance: Provide guidance and assistance to clients in addressing cybersecurity-related inquiries and challenges.
• Status Tracking: Monitor project statuses, update internal trackers, and provide status updates to clients.
• Special Projects: Perform special projects/ad-hoc work to support Salus GRC on various client and internal initiatives.
• Learning Opportunities: Interested candidates will have the opportunity to learn additional technical skills such as Microsoft 365 and other cloud security assessments.

QUALIFICATIONS

• Bachelor’s degree or equivalent technical training. Cybersecurity certifications (Security+, CISSP, ISC(2) Certified in Cybersecurity, etc.) a plus, but not required.
• 2 – 4 years’ experience in cybersecurity and/or 4 – 10 years’ experience in IT managed services. Experience working with investment firms a plus.
• Knowledge of or ability and willingness to learn SEC cybersecurity regulations and related financial industry requirements.
• Strong analytical, research, and problem-solving skills.
• Excellent communication and interpersonal skills to work effectively with clients.
• Ability to manage multiple tasks, meet deadlines, and adapt to a dynamic and evolving regulatory environment.
• High ethical standards, discretion, and the ability to handle sensitive information with confidentiality.
• Strong organizational skills with attention to detail.
• Strong oral and written communication skills.
• Proficient with Microsoft Office applications and comfortable working in a tech-enabled environment.

Salary Range:  $75,000 – $100,000