IT Audit Practice Manager

Job Description:

The Practice Manager role is a full-time position focused on client service, with flexibility for overtime as necessary to meet job and client needs. As Practice Manager, you'll need at least one of the following certifications: CISA, CISSP, QSA, CISM, CPA, PCI QSA, ISO 27000 LA. Your main responsibilities will involve planning and conducting cybersecurity and compliance assessments, overseeing projects and teams, and participating in various management functions within the cybersecurity professional services practice.

Duties and Responsibilities

• Lead projects, teams, and client engagements across our service spectrum (including SOC reporting, PCI, HIPAA, ISO 27000, NIST 800-53/171, HITRUST, Vendor Privacy Assurance, GDPR, and other risk-based projects).


• Strategize, execute, and oversee cybersecurity assessment and compliance projects tailored to each project's specific needs and context.


• Manage multiple concurrent projects, handling scheduling and administrative tasks. Review and draft audit reports accurately depicting procedures, testing outcomes, control weaknesses, and potential risk exposure.


• Utilize expertise to document and evaluate client computer systems, offering recommendations for technology system and infrastructure enhancements.


• Ensure the proper functioning of information systems applications, infrastructure, and controls.


• Conduct integrated reviews of financial, accounting, operational, systems, and management controls based on risk assessment.


• Work on multiple projects at varying stages, seeing them through to completion and delivering final reports.


• Cultivate and maintain strong client and team relationships, implementing effective retention practices.


• Foster a collaborative team environment, providing coaching, training, and development opportunities for junior staff.


• Conduct detailed reviews of workpapers, reports, proposals, and other materials to ensure high-quality deliverables.


• Undertake original work in technical or complex areas when required.


• Be available for travel to client sites as needed.

Required Qualifications

• Bachelor's degree in Management Information Systems, Cybersecurity, Accounting, Finance, or related field.


• Minimum of one of the following certifications: CPA, CISA, CISM, CISSP, ISO 27000 LA, PCI QSA.


• 4+ years of experience in cybersecurity compliance, security assessment, or architecture design/review.


• Strong communication skills, both written and technical, along with the ability to mentor junior staff effectively.


• Ability to motivate and lead teams, ensuring project completion within defined timelines and budgets.


• At least two years of professional services experience at a senior level in a related field.


• 1-3 years of supervisory or management experience.

Desired Qualifications

• MBA or MS from a reputable full-time or executive program preferred.


• Willingness to pursue additional relevant professional certifications.


• Familiarity with multiple cybersecurity frameworks, application controls, and software development lifecycle methodologies.


• Demonstrated entrepreneurial spirit, client focus, industry knowledge, and ability to work independently or as part of a team.


• Completion of at least twenty-five professional services projects related to our service offerings.


• Consistency in upholding cultural values, principles, and work ethic.


• Strong technical skills necessary for scoping and executing projects.