Jobs Companies Charles River Associates Senior Associate/Cybersecurity Consultant Due Diligence Advisory (Forensic Services practice)

About this Senior Associate/Cybersecurity Consultant Due Diligence Advisory (Forensic Services practice) role at Charles River Associates

Charles River Associates · Onsite · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; Houston, Texas, United States; New York, NY, United States; Oakland, CA, United States; Washington, DC, United States

About Charles River Associates

Charles River Associates is a leading global consulting firm that provides economic, financial, and business management expertise to major law firms, corporations and governments around the world. CRA advises clients on economic and financial matters pertaining to litigation and regulatory proceedings, and guides corporations through critical business strategy and performance-related issues. Since 1965, clients have engaged CRA for its combination of industry experience and rigorous, fact-based analysis that provide clients with clear, implementable solutions to complex business concerns.

Position Overview

CRA is seeking a Cybersecurity Consultant (Assessments / Due Diligence / Advisory) to support client engagements focused on evaluating and managing cybersecurity risk. In this role, you will lead and participate in client-facing assessments, including interviews, workshops, and executive readouts, while operating with a high degree of independence and confidence.

You will be responsible for translating client discussions into clearly defined engagement scopes and Statements of Work (SOWs), aligning deliverables with frameworks such as the NIST CSF and transaction-specific objectives.  This includes the ability to assess cybersecurity posture in transaction and investment contexts, distinguish material risks from broader program maturity gaps, and tailor findings to the needs of private equity, legal, and executive stakeholders. The role includes executing cyber due diligence and proactive security assessments through documentation review, stakeholder interviews, and control evaluation. The role may also support incident readiness reviews, tabletop exercises, and broader cyber resilience assessments to help clients evaluate preparedness, decision-making, and recovery capabilities before or after a cyber event. The role will also work closely with CRA’s incident response team to identify recurring risk themes and control gaps from active and recently closed matters, and help translate those observations into follow-on proactive engagements including gap assessments, tabletop exercises, resilience reviews, and broader security uplift efforts.

This position requires producing high-quality, client-ready reports that include prioritized findings, risk-based recommendations, and executive-level summaries. You will also support senior team members in proposal development and business development efforts, while bridging technical cybersecurity findings into clear business risk narratives for legal, private equity, and executive audiences. You will also contribute to the development of repeatable assessment methodologies, templates, and client-facing deliverables across CRA’s proactive cybersecurity service offerings.

The ideal candidate demonstrates a strong advisory mindset, the ability to independently manage client conversations, and the capability to connect multiple cybersecurity domains—including identity and access management, endpoint security, vulnerability management, backup and recovery, email security, and asset management—into a cohesive and defensible security program assessment. The ideal candidate should also be able to translate technical observations into clear business, legal, and transaction-oriented risk narratives for executive and client stakeholders.

Desired Qualifications

  • Experience:
    • Approximately 5–7 years of experience in cybersecurity consulting, advisory, or due diligence
    • Experience supporting cyber resilience assessments, incident readiness reviews, tabletop exercises, or related preparedness-focused engagements is a plus.
    • Experience collaborating with incident response, forensic, or crisis management teams to translate post-incident observations into proactive assessment, readiness, or remediation-focused engagements is a plus.
  • Client Presence & Communication:
    • Comfortable leading discussions with CIOs, IT Directors, and legal stakeholders
    • Strong ability to guide conversations, ask structured questions, and manage meetings effectively
    • Excellent executive communication skills with clear, concise, and unambiguous delivery
  • Scoping & Advisory Skills:
    • Experience drafting or contributing to Statements of Work (SOWs), engagement letters, and proposals
    • Ability to translate loosely defined client needs into structured deliverables and timelines
    • Strong commercial awareness, including understanding scope boundaries and identifying opportunities to expand engagements
    • Ability to tailor scopes and findings to transaction, diligence, or investment-focused objectives, including identifying issues that are likely to be material to legal, private equity, or executive decision-makers.
  • Report Writing:
    • Impeccable written communication skills, including grammar, structure, and formatting
    • Ability to produce logically consistent, defensible findings and recommendations
    • Experience delivering polished, client-ready cybersecurity risk reports
    • Ability to prioritize findings based on business impact, articulate critical versus lower-priority issues, and develop executive-ready narratives that support practical decision-making.
  • Cybersecurity Frameworks:
    • Strong working knowledge of:
      • NIST Cybersecurity Framework (primary)
      • Supporting frameworks such as CIS Benchmarks, ISO 27001, SOC 2 Type II, HIPAA, and HITRUST
    • Ability to map controls, identify gaps, and translate findings into business risk and impact
    • Ability to evaluate how controls operate together across governance, identity, endpoint, cloud, recovery, and monitoring layers as part of a broader security program or resilience assessment.
  • Technical & Domain Knowledge:
    • Broad understanding of core cybersecurity domains, including:
      • Identity & Access Management (e.g., Active Directory, Entra ID)
      • Endpoint security (e.g., EDR/MDR solutions such as CrowdStrike)
      • Vulnerability management tools (e.g., Tenable, Qualys)
      • Backup and recovery strategies (RTO/RPO, immutability)
      • Email security (phishing protection, DMARC, MFA)
      • Asset inventory, device management, and patch lifecycle practices
      • Comfort reviewing supporting documentation such as security policies and standards, architecture diagrams, control evidence, recovery procedures, and technical configurations in order to assess design and operating effectiveness.
    • Ability to connect these domains into a comprehensive security program narrative
  • Tooling Familiarity (Preferred):
    • Exposure to tools such as CrowdStrike, Tanium, Microsoft 365, Azure/Entra ID, and AWS.
    • Ability to evaluate and interpret tooling deployment, configuration, and coverage in an advisory context rather than operate as a dedicated implementation engineer.
  • Additional Qualifications:
    • Strong organizational and time management skills, with the ability to manage multiple workstreams simultaneously
    • High level of ownership, attention to detail, and ability to deliver work independently with minimal oversight
    • Ability to help develop reusable assessment content, templates, and client-ready materials that support scalable proactive service delivery across multiple engagement types.
  • Nice-to-Have:
    • Certifications such as CISSP, CISM, CISA, PMP, or similar

To Apply

To be considered for a position in the United States or Canada, we require the following:

  • Resume – please include current address, personal email and telephone number;
  • Cover letter – please describe your interest in CRA and how this role matches your goals.

If you are interested in applying for one of our international locations, please visit our Careers site to view and apply for available jobs.

Career Growth and Benefits 

  • CRA’s robust skills development programs, including a commitment to offering 100 hours of training annually through formal and informal programs, encourage you to thrive as an individual and team member. Beginning with research and analysis skill building, training continues with technical training, presentation skills, internal seminars, and career mentoring and performance coaching from an assigned senior colleague. Additional leadership and collaboration opportunities exist through internal firm development activities.
  • We offer a comprehensive total rewards program including a superior benefits package, wellness programming to support physical, mental, emotional and financial well-being, and in-house immigration support for foreign nationals and international business travelers.

Work Location Flexibility

CRA creates a work environment that enables our colleagues to benefit from being together in the office to best deliver on our promise of career growth, mentorship and inclusivity. At the same time, we recognize that individuals realize a range of benefits when working from home periodically. We currently expect that individuals spend at least 3 to 4 days a week working in the office (which may include traveling to another CRA office or to client meetings), with specific days determined in coordination with your practice or team.

Our Commitment to Equal Employment Opportunity

Charles River Associates is an equal opportunity employer (EOE). All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran, or any other protected characteristic under applicable law.

 

 

 

Salary and other compensation

A good-faith estimate of the annual base salary range for this position is $130,000 - $152,500. Starting pay within this range may vary based on factors such as education level, experience, skills, geographic location, market conditions, and other qualifications of the successful candidate. This position may be eligible for additional bonus incentive compensation. CRA offers a comprehensive benefits package, subject to eligibility requirements, which may include: medical, dental, and vision insurance; 401(k) retirement plan with employer match; life and disability insurance; paid time off (vacation, sick leave, holidays); paid parental leave; wellness programs and employee assistance resources; and commuter benefits.

Ready to apply to Charles River Associates?
Apply to Charles River Associates

How this Consultant salary compares

This role pays $141,250/yrin line with the typical range for Consultant roles.

$45,760 median $120,769 $219,500

Typical range $80,439–$163,857/yr, from 1,500 comparable Consultant listings on JobsRadar (pay annualized to USD). See Consultant salary insights →

Similar jobs

Sign up for suggestions tailored to the jobs you open and the searches you save.

More jobs at Charles River Associates

See all jobs at Charles River Associates →

Apply now
🤖

Whoa — hold up

JobsRadar was built for real people having a rough time in their job search — not for automated requests. You're clicking way too fast and you're now temporarily blocked.

Come back later. If you're genuinely job hunting, we've got your back — just act like a human.

Catch your next role the second it’s posted.

Create a free account and we’ll watch the boards for you — the instant a job matches your search, it lands in your inbox or Telegram. No digging, no refreshing.

Create free account

Free forever · takes 30 seconds · already have one?

Get an edge on your job hunt.

Join our Telegram channel for the stuff that helps you land the role — salary benchmarks, the weekly market pulse, and new-feature drops. No spam, just signal.

Join the channel — it's free