Posted on Sep 13, 2021 by LBMC Investment Advisors, LLC
Over the past year, LBMC has been in growth mode, receiving accolades including being named 2021 Best Firms for Technology by Accounting Today and recognized as one of the 2021 Best Workplaces by Consulting & Professional Services (#35 nationally). Accounting Today also named LBMC as a Top 5 Pacesetter for Growth after adding more than 25% to our workforce during COVID. LBMC values hiring individuals with a growth mindset and is looking to add to our industry-leading technology consulting practice, so if you have an innate curiosity for solving problems and creating solutions, LBMC is the place for you!
LBMC is based in Nashville and we have industry-leading benefits including both remote and in-person work options, dynamic technology solutions, financial incentives for training and certifications, and curated professional growth organizations such as the Women's Initiative Network, Lending Hands community initiative, Rising Stars Training, and robust Talent Development offerings.
LBMC Information Security is seeking additional team members for our quality assurance team. LBMC Information Security provides attest and assurance services related to SOC1, SOC2, PCI, HITRUST, SOX, ISO/IEC 27001, and CMMC. Our QA team supports our information security and cyber security compliance service lines through detail review of client deliverables and the supporting documentation and evidence that go with them. Our goal is to take the burden of detail review off of the project managers so that they can focus on our clients and our team.
In addition to hands-on detail review, the quality team helps to develop and improve methodology, participates in or leads training efforts, and works toward a leadership role within the group. Each member of the quality team has a specific area of focused expertise and usually supports methodology and training development in that area. However, all quality team members are expected to hone skills and review capability across service lines.
Quality team members also act as champions of our toolsets - identifying improvements, coordinating and implementing solutions, and communicating to the team. Our primary tools are Smartsheet, Slack, and the Microsoft suite of products. Toolsets leveraging those tools could include client interaction through request lists, dashboards, and reports, or project management through project plans, test plans, project workflow, and reporting to leadership.
We want LBMC Information Security to be an organization that clients want to work with and that team members want to work for. To us, this means providing our clients with teams that strive for excellence and add true value through assurance and consulting services. The ideal candidate for this position enjoys being a part of a team that values each other, wants to exceed client and team expectations, and values growth toward expertise.
LBMC Information Security takes a collaborative approach to the work we do. Rather than take a hierarchical approach, we meet or chat as a team about what needs to be accomplished and decide together the best way forward. At times, this approach means that quality team members assist client delivery teams with various tasks such as project management, detail testing, documentation review, team member management, and business development. However, the primary focus of this position will be quality review.
Duties and Responsibilities:
- Performs detailed review of the work of others to ensure adherence with internal and external standards under the direction of the QA Director.
- Attends/contributes to internal training sessions within fields of quality assurance focus.
- Maintains and improves processes, methodologies, tools, and toolsets.
- Actively stays current with regulatory requirements in primary areas of focus and adapts methodologies accordingly.
- Jumps in on extra projects as needed to ensure the organization's success.
- Continues to develop technical skills in IT auditing, information security and consulting.
- Takes responsibility for seeing an assigned job all the way to its ultimate delivery to the client by the agreed due date.
- Develops suggestions or ideas for potential IT auditing and security opportunities. Is alert to client needs for possible expansion of services.
- Joins committees and/or volunteers for leadership roles with community/civic organizations of which he/she is a member.
The qualities and characteristics that are most valued for this position:
- Extreme Competence and Technical Skills
As one of the gatekeepers ensuring the work is done according to external and internal regulations and requirements, candidates for the position must be well versed in all aspects of their areas of expertise. In addition, reviewing reports written by others requires strong report writing skills including grammar, professional phrasing, and ability to simplify complex concepts within a reporting context.
- Standards and Regulation Enthusiast
The ideal candidate embraces the concepts of ensuring quality products through standard processes. In addition, the candidate demonstrates the ability to incorporate changing requirements passed down through regulatory bodies or leadership and implement those changes through the review process.
- Adaptability and Multi-tasking
Highly developed ability to compartmentalize differing tasks (quality review versus client delivery versus supporting tools) and keep all tasks moving forward without letting deadlines slip.
- Conscientious Attention to Detail
The ideal candidate will have made significant progress toward excellent execution in their chosen field of expertise. The ideal QA candidate's work style will be predisposed to paying more attention to the minutiae of the workload.
- Works Well Under Pressure
When the work piles up, the ideal candidate is able to buckle down, work through it, and push toward success. Additionally, the ideal candidate avoids letting the occasional pressure of the workload weigh down their productivity. Rather than slowing the team down talking about being overwhelmed and not being able to get it all done, the ideal candidate has quick meetings to set priorities and moves on to working on results.
- Areas of Expertise
The quality team provides quality assurance coverage for SOC1/SOC2, PCI, and HITRUST service lines. In addition, the quality team assists from time to time with review of Risk Assessments and Penetration Test Reports. To a lesser extent at this time, the quality team reviews work to support newly developing service lines including ISO 27001 readiness and certification, CMMC readiness and certification, and internal peer review against certification standards for CMMC and ISO 17021.
- Problem Solving
Ability to recognize problems and propose effective solutions.
- Bachelor's Degree
- Five to ten years of IT Audit and/or security risk assessment experience
- Experience in at least 2 compliance areas is required, but additional areas of expertise are welcome. Compliance areas include SOC1/SOC2, PCI, SOX, HITRUST, ISO 27001, CMMC
- Service line specific certification is preferred, such as PCI Qualified Security Assessor (QSA), HITRUST CCSFP and/or CHQP, ISO Lead Auditor, CMMC Registered Practitioner.
- CPA/CISA/CISSP certification required