Job Description:

We’re KSM, one of the top 50 largest independent advisory, tax, and audit firms in the United States. But more than our size, it’s our people and culture that set us apart. We believe great things happen when people are supported, challenged, and given the freedom to do their very best work. That’s why we’ve built a workplace where your career and personal life can thrive together – where you have the flexibility to manage your time, the resources to grow, and a team that genuinely cares about your success.

We’ve been employee-owned since 2001, giving every team member a stake in our collective success. This ownership mentality fosters a culture of collaboration, curiosity, and excellence  – where new ideas are welcomed, different perspectives are valued, and you’re encouraged to explore what excites you most. Whether you’re expanding your skills, tackling new challenges, or making an impact beyond the office, we provide the resources and support to help you grow in the direction that’s right for you.

At KSM, your contributions matter – not just to the firm, but to your colleagues, clients, and the communities we serve across the U.S. If you’re looking for a place where you can do meaningful work, build lasting relationships, and grow in ways that align with what’s most important to you, we’d love to meet you.

Position Summary:

Participate in multiple attestation and consulting services, especially SOC 1 and SOC 2 attestation engagements, IT and cybersecurity audits and assessments, HITRUST assessments, and other risk services engagements for clients across a variety of industries. Will also be responsible for building relationships with clients, reviewing IT and business policies, and assessing IT and business process risks. The role requires a broad mix of business and technical acumen coupled with polished communication skills and a strong desire to learn.

Responsibilities:

• Obtain in-depth knowledge of client systems, network infrastructure, underlying technologies and security controls within the defined scope of SOC 1 and SOC 2 consulting and attestation engagements.

• Examine, understand, assess, and improve business processes, systems and internal control frameworks. Focus will range from assisting clients in the development and implementation of risk management strategies to testing clients’ internal control systems.

• Document all testing performed in a clear, concise, and logical manner

• Conduct gap analyses and assessments related to multiple information security frameworks; experience with AICPA SOC 1 and SOC 2, HITRUST, NIST, or ISO 27001 is a plus

• Participate with a team of professionals and manage client relationships.

• Effectively manage time and make sound decisions to accomplish diverse tasks and/or projects

• Effectively convey concepts and ideas using both verbal and written communications

Requirements/Qualifications:

• Undergraduate or Master’s Degree in Information Systems, Cybersecurity, Computer Information Systems, Information Technology with a Security or Networking focus or similar background.

• Possess understanding of IT and Cybersecurity controls and risk

• Strong communications skills, both verbal and written

• Driven, great attitude, and a desire to succeed

• Demonstrated ability to manage multiple projects/assignments simultaneously with attention to detail

• Strong interpretive skills and analytical abilities

• Limited travel may be required

• Commitment to obtain relevant professional certifications (CISA, CISSP, etc.) with KSM’s support

• Experience in technical, audit/assurance, or compliance role a plus

• Experience in testing or assessment of internal controls a plus

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, color, sex, sexual orientation, gender identity, disability, genetic information, national origin, race, religion, veteran status, or any other protected category. 

KSM only accepts resumes directly submitted by a candidate and referrals submitted by current KSM employees. Unsolicited resumes or candidate profiles sent by staffing agencies and fee-based referral services will not be considered outside of a signed KSM vendor contract. KSM will not pay a fee to recruiters or agencies that do not have a signed KSM vendor contract.