ForgeApply · Job listing
Senior Associate/Cybersecurity Consultant Due Diligence Advisory (Forensic Services practice)
Charlesriverassociates
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
About Charles River Associates
Charles River Associates is a leading global consulting firm that provides economic, financial, and business management expertise to major law firms, corporations and governments around the world. CRA advises clients on economic and financial matters pertaining to litigation and regulatory proceedings, and guides corporations through critical business strategy and performance-related issues. Since 1965, clients have engaged CRA for its combination of industry experience and rigorous, fact-based analysis that provide clients with clear, implementable solutions to complex business concerns.
Position Overview
CRA is seeking a Cybersecurity Consultant (Assessments / Due Diligence / Advisory) to support client engagements focused on evaluating and managing cybersecurity risk. In this role, you will lead and participate in client-facing assessments, including interviews, workshops, and executive readouts, while operating with a high degree of independence and confidence.
You will be responsible for translating client discussions into clearly defined engagement scopes and Statements of Work (SOWs), aligning deliverables with frameworks such as the NIST CSF and transaction-specific objectives. This includes the ability to assess cybersecurity posture in transaction and investment contexts, distinguish material risks from broader program maturity gaps, and tailor findings to the needs of private equity, legal, and executive stakeholders. The role includes executing cyber due diligence and proactive security assessments through documentation review, stakeholder interviews, and control evaluation. The role may also support incident readiness reviews, tabletop exercises, and broader cyber resilience assessments to help clients evaluate preparedness, decision-making, and recovery capabilities before or after a cyber event. The role will also work closely with CRA’s incident response team to identify recurring risk themes and control gaps from active and recently closed matters, and help translate those observations into follow-on proactive engagements including gap assessments, tabletop exercises, resilience reviews, and broader security uplift efforts.
This position requires producing high-quality, client-ready reports that include prioritized findings, risk-based recommendations, and executive-level summaries. You will also support senior team members in proposal development and business development efforts, while bridging technical cybersecurity findings into clear business risk narratives for legal, private equity, and executive audiences. You will also contribute to the development of repeatable assessment methodologies, templates, and client-facing deliverables across CRA’s proactive cybersecurity service offerings.
The ideal candidate demonstrates a strong advisory mindset, the ability to independently manage client conversations, and the capability to connect multiple cybersecurity domains—including identity and access management, endpoint security, vulnerability management, backup and recovery, email security, and asset management—into a cohesive and defensible security program assessment. The ideal candidate should also be able to translate technical observations into clear business, legal, and transaction-oriented risk narratives for executive and client stakeholders.
Desired Qualifications
• Experience:
• Approximately 5–7 years of experience in cybersecurity consulting, advisory, or due diligence
• Experience supporting cyber resilience assessments, incident readiness reviews, tabletop exercises, or related preparedness-focused engagements is a plus.
• Experience collaborating with incident response, forensic, or crisis management teams to translate post-incident observations into proactive assessment, readiness, or remediation-focused engagements is a plus.
• Client Presence & Communication:
• Comfortable leading discussions with CIOs, IT Directors, and legal stakeholders
• Strong ability to guide conversations, ask structured questions, and manage meetings effectively
• Excellent executive communication skills with clear, concise, and unambiguous delivery
• Scoping & Advisory Skills:
• Experience drafting or contributing to Statements of Work (SOWs), engagement letters, and proposals
• Ability to translate loosely defined client needs into structured deliverables and timelines
• Strong commercial awareness, including understanding scope boundaries and identifying opportunities to expand engagements
• Ability to tailor scopes and findings to transaction, diligence, or investment-focused objectives, including identifying issues that are likely to be material to legal, private equity, or executive decision-makers.
• Report Writing:
• Impeccable written communication skills, including grammar, structure, and formatting
• Ability to produce logically consistent, defensible findings and recommendations
• Experience delivering polished, client-ready cybersecurity risk reports
• Ability to prioritize findings based on business impact, articulate critical versus lower-priority issues, and develop executive-ready narratives that support practical decision-making.
• Cybersecurity Frameworks:
• Strong working knowledge of:
• NIST Cybersecurity Framework (primary)
• Supporting frameworks such as CIS Benchmarks, ISO 27001, SOC 2 Type II, HIPAA, and HITRUST
• Ability to map controls, identify gaps, and translate findings into business risk and impact
• Ability to evaluate how controls operate together across governance, identity, endpoint, cloud, recovery, and monitoring layers as part of a broader security program or resilience assessment.
• Technical & Domain Knowledge:
• Broad understanding of core cybersecurity domains, including:
• Identity & Access Management (e.g., Active Directory, Entra ID)
• Endpoint security (e.g., EDR/MDR solutions such as CrowdStrike)
• Vulnerability management tools (e.g., Tenable, Qualys)
• Backup and
Salary insight
The midpoint of this range ($141k) is about 30% below the median disclosed salary for San Francisco roles listed on ForgeApply ($203k across 6,248 jobs).
See full Security Engineer salary data for San Francisco →
Based on live postings with disclosed pay on ForgeApply; refreshed daily. Not an estimate of this employer's offer.
Ready to apply to Charlesriverassociates?
Apply in about a minuteSimilar jobs
- Consulting Associate/Cybersecurity & Incident Response (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; Houston, Texas, United States; Washington, DC, United States
- Senior Associate/Cybersecurity & Incident Response (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; Houston, Texas, United States; Washington, DC, United States
- Associate Principal/Cybersecurity & Incident Response (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; Houston, Texas, United States; Washington, DC, United States
- Consulting Associate/eDiscovery (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; New York, NY, United States; Washington, DC, United States
- Senior Associate/eDiscovery (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; New York, NY, United States; Washington, DC, United States
- Senior Associate/Privacy Specialist (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; New York, NY, United States; Oakland, CA, United States; Washington, DC, United States
- Principal/Digital Forensics, Incident Response & Cybersecurity (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; Houston, Texas, United States; New York, NY, United States; Washington, DC, United States
- Consulting Associate/Full Stack Developer (Forensic Services practice) — Charlesriverassociates · Boston, MA, United States; Chicago, IL, United States; Dallas, Texas, United States; New York, NY, United States; Oakland, CA, United States
More like this: Security & Cybersecurity Jobs · Security & Cybersecurity Jobs in San Francisco · More jobs at Charlesriverassociates · Browse all jobs