Senior Associate, SOC

Schellman is a Top 50 CPA firm and a leading provider of attestation and compliance services. Our professional services focus on security and privacy audits, assessments, and certifications.  Schellman has become one of the largest cybersecurity assessment firms in the United States without providing any traditional accounting services.  We are an accredited multi-framework ISO Certification Body for security, privacy, business continuity, and quality; a globally licensed PCI Qualified Security Assessor and a top provider to clients serving the federal DoD space as a leading FedRAMP 3PAO and the first assessment firm authorized as a CMMC C3PAO. Our specialty and expertise remain in providing best in class Cybersecurity and IT Audits and Attestations. Our culture, approach with clients, and dedication to our values has led us to consistently be a Great Places to Work certified company and rated as a Best Firms to Work For by Accounting Today and a Glassdoor Best Places to Work.

We deeply appreciate our employees, as shown by our first core value – People Come First. This is demonstrated in our culture, benefits, and how we handle business. Come see what makes Schellman special!

Senior associates are primarily responsible for hands-on project execution.  Experienced senior associates have, or are working towards, specialization in one or more service lines and are assigned to projects accordingly. Senior associates are assigned to a specific service delivery principal that is responsible for supervising the associate’s career development.  Additionally, senior associate’s daily activities are closely supervised by the management teams of their assigned projects. Senior associates may supervise associates and/or senior associates when serving as a member of a project management team. 

There is no typical day for our SOC teams. While our lead focus is on SOC examinations, our clients also rely on us to perform multiple types of attestations similar to SOC across a variety of network, application, or cloud environments. The benefit of being exposed to so many different situations is that you are constantly building your knowledge base and skill set while keeping up with the latest technologies. Our teams are mostly remote (yet extremely collaborative) and work together to utilize their unique backgrounds and experience to provide the high level of quality service that our clients have come to expect.   

In addition to the hands-on knowledge you’ll develop with each project, Schellman also promotes a continuous learning environment. Team members are encouraged to attend at least one training event every year to build upon their skills and acquire new certifications.  

A Senior Associate will hold the following roles and responsibilities as part of their role:  

Demonstrate proficiency in Schellman Methodology 

Serve as a guide to Associates and peers through information sharing, support, and thought leadership.  

Earn Schellman-approved certifications CCSK (minimum requirement for SD, (ISO Lead Auditor, One of the following three – CCSP/CISA (CCSP may be accepted in place of the CISA), CISSP, AWS CCP, etc.), the ISO LA within second year in the role  

Successfully run a project from fieldwork through completion including the following: Demonstrate the ability to successfully complete all assigned testing, workpaper documentation, testing exception documentation, draft report creation, and management representation letter preparation 

Understand and demonstrate ability to speak to Schellman's service lines at a high level and their leaders 

Demonstrate proficiency of SOC 1 ITGCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteria 

Demonstrate understanding of Principal Service Commitments and System Requirements (PSCRs) and how they impact scope of a SOC 2 

Demonstrate the ability to derive PSCRs through client documentation and interviews 

Know all four report opinion outcomes and ability to draft modified opinions 

Demonstrate ability to identify if exception(s) would potentially yield a qualified opinion 

Demonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly 

Accurately manage and report time worked to each project / initiative 

Define a clear communication strategy with the project manager to ensure any testing delays, disclosures, etc. are discussed timely 

All Associate level roles and responsibilities  

Essential Functions: 

Complying with Schellman’s code of ethics and professional conduct, methodologies, policies, and procedures 

Adhering to the professional and regulatory standards relevant to assigned service line specialization(s) 

Promoting Schellman’s company culture and exemplifying Schellman's values 

Establishing high quality relationships and rapport with client personnel 

Managing client expectations to ensure expectations are exceeded 

Completing assigned duties in a timely manner and with a high attention to detail 

Collaborating with fellow project team members in a productive and timely manner throughout the life cycle of each project 

Adhering to project schedules and keeping fellow project team members apprised of the progress of assigned tasks 

Escalating issues internally in a proper and timely manner 

Using discretion and decorum in the timing, form, and content of all client communications 

Booking travel reservations in a timely manner and in accordance with Schellman's travel and expense policies and procedures 

Performing the essential functions of other service delivery positions when qualified and called upon to do so 

Attending project kick-off and closing meetings 

Executing assigned testing procedures, performing detailed analysis, reaching conclusions, documenting results in accordance with company standards, and suggesting ideas for improvements, where applicable 

Drafting project deliverables 

Serving as a contact for clients' basic questions regarding an engagement 

Participating in recruiting and candidate interview activities 

Training project team members 

Acclimating newer team members to Schellman 

Contributing to Schellman's practice development efforts 

Developing an expert knowledge of professional and regulatory standards relevant to assigned service line specialization(s) 

Contributing to Schellman's thought leadership (e.g., articles, webinars, public speaking, etc.) 

Knowledge, Skills, and Abilities: 

 Working knowledge of Schellman’s services, methodology, and relevant professional standards 

Requisite knowledge of applicable technology and security domains 

High level of attention to detail and quality of work product 

Client service oriented 

Excellent time management, organizational, and verbal and written communication skills 

Ability to work on-site or remotely as a valuable contributor to a collaborative team 

Capable of simultaneously managing assigned tasks for multiple projects 

Proficient using Microsoft Word, Excel, and PowerPoint, as well as Schellman’s service delivery applications 

Full understanding and application of ethics, independence and Schellman’s values 

Education, Work Experience and Certifications 

Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified 

2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controls  

Ability to work well independently, within a team and with clients as well as travel ~40-50% (M-Th)   

Maintains (preferred) or working towards obtaining least one certification relevant to Schellman's services (i.e. CPA, CCSK or CISA)  

Schellman is an equal opportunity employer (EOE) and strongly supports diversity in the workplace; therefore, providing equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law. Schellman uses E-Verify in our hiring process.
 
At Schellman, we strive to provide a flexible and balanced environment and therefore offer the opportunity to work remotely, unless otherwise stated in the job requirements. Connecting, collaborating and continuous education are also highly valued and therefore we require some travel annually for our Internal Service Delivery roles, which can include in-person training, team meet-ups, and strategy meetings.

Service Delivery team members will also be required to travel based on business and client needs.