AAFCPAs is an innovative and forward-thinking firm with a focus on automation. We have enjoyed primarily organic growth and continue our laser focus on sustained growth as an independent regional firm. We are considered an attractive alternative to the Big 4 and National CPA firms. We provide best-value assurance, tax, outsourced accounting, business consulting, information technology advisory solutions, and wealth management services to nonprofit organizations, commercial companies, wealthy individuals, and estates. AAFCPAs donates 10% of its net profits annually to nonprofit organizations. We have an active DE&I committee and have commitment and accountability to these efforts.

AAFCPAs is an independent member of PrimeGlobal, the fourth largest CPA firm association in the world with 300+ member firms in 80+ countries. This provides our clients with seamless national and global coverage, along with an advantageous pay-as-you-use model.

AAFCPAs is seeking a high-energy IT Security Associate who is fully competent, highly ethical, and driven to ensure a positive client experience for the firm’s distinct but integrated Business Process & IT Consulting Practice. This rapidly growing practice area of the firm strengthens the link between IT and finance for our clients, which reduces risk significantly and eases the technology burden. AAF’s Business Process & IT Consultants earn the role of trusted business advisor with solutions such as: internal controls, IT audits, technology risk assessments, IT strategy development, privacy assessment, data analytics, leveraging Cloud services, and outsourcing strategies.

The IT Security Associate will be responsible for assisting Managers in planning and managing engagements, conducting fieldwork, discussing findings and observations during client exit meetings, creating work papers, and preparing written audit reports. The position will also include client service assistance such as advice on internal control approaches, best practices and advising clients in solving critical business issues.

In this role, you will use various security tools to assist clients with identifying and making recommendations on existing vulnerabilities as well as assess infrastructure and systems for IT General Control (ITGC) assessments for clients of the firm. This position provides the opportunity to work with a variety of systems, from traditional office applications to sophisticated security systems, networking, web, and other technologies. It is a fast-paced environment that affords the right candidate unique opportunities and challenges while being exposed to a variety of technologies and applications.

RESPONSIBILITIES

IT Security Services

• Assist with the maintenance and use of the information security tools and applications.
• Review and update documentation for policies, procedures, standards, regulations, and guidelines.
• Planning, research, and technical design for security solutions in support of strategic security plan.
• Perform or assist with vulnerability scanning, penetration testing, and security assessments.
• Provide input into improving information security reporting and metrics.
• Follow established standards to document workpapers in support of engagements.
• Participate in interviews of key control and process owners.
• Verify adherence to policies, standard operating procedures, applicable regulations, and laws.
• Document audit findings and formulate basic recommendations for improvement.
• Assist in the preparation of audit reports.
• Assist with engagements that assess the design and operating effectiveness of IT processes and controls to meet client objectives, including alignment with frameworks and compliance with laws and regulations.
  

Audit Support

• IT General Controls (ITGCs) in support of financial statement audit.
• IT Controls in support of SOC report assessment.

SOX 404 Internal Audit for IT General Controls

• Bachelor's degree in Information Technology, Computer Science, or a related field of study. Relevant work experience may be substituted for this requirement.
• One to two years of IT Security experience in a similar practice or function with a reputable firm.
• Excellent analytical, organizational, and project management skills.
• Strong computer skills including proficiency in Microsoft Office Suite applications, Windows, Active Directory, and Linux.
• Working knowledge of cloud hosting providers (e.g. Microsoft, Google, Amazon, Oracle) is a plus, but not required.
• Basic knowledge of cybersecurity principles, tools (such as Qualys, Maltego, L0pht Crack, NMAP, Nessus, OpenVAS, Burp, sqlmap, Samurai, Metasploit, Yersinia), and appliances is a plus.
• Experience with exceptional client service and communication skills with a demonstrated ability to develop and maintain outstanding client relationships.
• Ability to work on multiple simultaneous projects; must be able to keep the information confidential.
• Excellent verbal, written, and presentation skills.
• Knowledge in one or more of the following is a plus: Java, Python, XML, HTML, C#, Objective C, database design & development including SQL.
• Certifications: CISA/CISM, COMPTIA+ Security, CEH or CISSP are a plus.
  

ATTRIBUTES

• Honesty and Integrity – Displays the highest standards of and ethical conduct personally and professionally and contributes to maintaining the ethics and values of the firm. Accountability – accepts responsibility for starting, controlling, and concluding job tasks and assignments; accepts responsibility for behavior.
• Critical Thinking: the thoughtful process of analyzing data and problem solving data to reach a well-reasoned solution.
• Ability to exercise discretion and good judgment.
• Exceptionally well organized and detail-oriented.
• Proven time management and prioritization skills.
• Ability to present information clearly both internally and to clients.
• Ability to maintain a good working relationship with coworkers and clients.
• Proactive, flexible and the ability to multi-task.
• Ability to handle tight deadlines and multiple priorities.
• Driven – wants to make a difference and contribute positively to our future success.

• 
  Minimal travel is required.

• Competitive salary
• Generous PTO
• Flexible office location (Westborough, Wellesley, Boston)
• Comprehensive benefits package which includes subsidized medical and dental, 401(k) savings plan, life insurance, and short-term and long-term disability, plus more.

All your information will be kept confidential according to EEO guidelines.