The Information Technology (IT) Services group is a strategic practice unit within GBQ that serves internal and external GBQ clients across the US.

The Security Analyst/Manager – Enterprise Risk/Governance Risk Compliance will participate in the following activities:

  • Thought leadership, sales and marketing of GBQ Enterprise Risk/Governance Risk Compliance practice and related IT Services team services;
  • Leadership and participation of assessment projects, report writing, controls implementation and the delivery of other IT Services team projects

Our ideal candidate is an experienced risk, compliance or IT professional whose career includes a broad range of hands-on experience working within or as a consultant to enterprise organizations with experience assessing, evaluating, building and/or operating security, privacy and compliance programs.


We are seeking individuals skilled at performing control and compliance authority assessments, developing remediation plans and working with business management to understand IT risks of all varieties.

Responsibilities will be based on background but will typically include:

  • Delivers on national security, HIPAA, FFIEC, PCI, GRC, GDPR, California Consumer Privacy Act, information governance, records management or other related services to enterprise, mid-market and emerging business clients.
  • Understands client needs to properly scope, develop project plans, resource plans, and establish reporting and metrics to provide the client with regular updates.
  • Ensures that the project team is utilized appropriately and consistently working with team project management.
  • Collaborates closely with partner firms to ensure that clients receive timely and accurate support as required.
  • Supports client interviews, including the development of pre-meeting materials, background research, and mentors other team members on the client’s environment.
  • Ensures clients receive timely, actionable and thoughtful responses to questions, data subject requests or supervisory authority inquiries.
  • Manages the day-to-day project requirements and the on-site or remote team working with team project management.
  • Develops and maintains Enterprise Risk/Governance Risk Compliance knowledge, processes, templates and tools.
  • Monitors news, jurisdictional changes and industry updates to relay to clients and GBQ team members.
  • Develops data inventories, data flow diagrams, data maps, and processing registers in support of client projects.
  • Interacts with GBQ team members in the US and and other partner firms to ensure client needs are met.
  • Builds relationships with other GBQ professionals, cross-sells into different industries and participates in GBQ and industry events where subject matter expertise is requested.
  • Ensures clients are provided quality level services from all levels of the team.
  • Reviews client executive reports and provides feedback to team members.
  • Assists with proposals, RFI’s, and RFP’s.
  • Utilizes knowledge of client needs to develop project and resource plans, establish reporting and metrics and provide client with regular updates.
  • Reviews and edits policies, processes, workflows, and work instructions to align them with industry standards (e.g., NIST, ISO, HIPAA, FFIEC, GLBA, GDPR).
  • Institutes GBQ methodologies and ensures consistency on projects where he/she is responsible for leading the project.
  • Participates in and conducts business unit, legal, IT, privacy and governance interviews and meetings, as needed.
  • Proofreads and edits executive reports, prior to presenting to prospects and existing clients.
  • Manages GBQ client and GBQ Partner expectations at all levels.
  • Mentors team members to ensure quality of work product is consistent throughout client engagements, and BDO standards are applied for every engagement.
  • Manages multiple large, complex and long-term engagements.
  • Manages client expectations at all levels of the organization, including supporting in-person presentations to senior level executives.
  • Working with the department head to identify a growth path for the governance services.
  • Other duties as required


  • Bachelor’s degree, in Business, Public Administration, Computer Science or related field, required


  • Five (5) or more years of consulting experience, required.
  • Two (2) or more years of experience working in data governance, security, privacy or similar projects, required.
  • Experience with managing privacy, information governance, national security, cybersecurity, PCI and/or GRC engagements, required.


  • CIPP/E, CIPP/US, CIPM, CIPT, or other privacy certifications, preferred.
  • CISSP, CISA, AHIMA, IGP, CRM or other similar certifications, preferred.

Software/Technical Expertise:

  • Knowledge of and/or experience with GRC platforms, IT Governance, information governance software, ECM, records management software, or similar technologies, preferred.
  • Knowledge of and experience in the application of risk frameworks such as NIST 800-30 or others, required.
  • Proficient in the use of Microsoft Office Suite.
  • Familiarity with security testing tools such as QualysGuard, Nessus, Netsparker, etc. is not required but will be useful in the team environment.


  • Solid organizational skills, especially the ability to meet project deadlines with a focus on details.
  • Team player and deadline oriented.
  • Ability to multi-task and set workload priorities in a fast-paced and deadline-driven environment.
  • Complete assignments within established budget for assigned areas.
  • Achieve charge hour budget and minimum billable hours as set by Firm.
  • Participate in “approved” non-client initiatives to improve firm administration.

Practice Growth:

  • Participate in pursuit of new clients and new client opportunities.
  • Represent firm and build relationships by participating in outside activities.
  • Develop and demonstrate strong leadership skills.
  • Demonstrate excellent written and verbal communication skills.

Client Focus:

  • Executive presence, with the ability to act as primary contact on assigned engagements.
  • Ability to provide outstanding client service.
  • Attention to detail and accuracy.
  • Analytical and creative problem solving skills.
  • Ability to perform technical scans for infrastructure vulnerabilities using commercially available tools.
  • Flexibility with travel and hours.
  • Work in partnership with other team members and client personnel to help ensure efficient flow of information from client to IT Services team.
  • Comprehend new, complex issues and perform research to solve complex problems.
  • Strong analytical and advanced research skills related to industry trends, market competition and technology

Brand Culture/Development:

  • Exemplify Brand Attributes of the Firm.
  • Comply with all policies and procedures of the Firm.
  • Ability to interact effectively with people at all organizational levels of the Firm and with clients.
  • Capacity to build and maintain strong relationships with internal and client personnel.
  • Ability to encourage a team environment on engagements, and contribute to the professional development of assigned personnel.
  • Consistently seek feedback on performance from superiors and enhance and develop professional and technical skills.

Organizational Relationships:

  • Security Analyst/Manager will report directly to a Performance Manager who will provide any necessary guidance relative to administrative issues or work performance through the formal evaluation process.

Special Requirements:

  • Flexibility with travel and hours.
  • Reliable transportation for on-site client work.


Job Application Form

  • Accepted file types: pdf.
  • This field is for validation purposes and should be left unchanged.