Founded in 2009, The Chertoff Group brings a highly differentiated approach to delivering security risk management advice based on our unique understanding of the security marketplace. We bring a pragmatic approach grounded in experience as security operators and policy-makers, and Chertoff Group clients benefit from our ability to translate security insights into value creation.


Associate, Cybersecurity Risk Management

  • Location: Washington, DC
  • Practice Area: Cybersecurity Risk Management
  • FLSA Status: Exempt
  • Term: Full Time

The successful candidate will have a combination of experiences in delivering high-end cyber risk management and threat modeling consulting services and applying the principles of security vulnerability, threat and risk assessments. Depending on the candidate’s experience and qualifications, the position may be at the Senior Associate level.

This is a client-facing role that will serve as a core Cybersecurity Risk Management practice area team member capable of supporting engagements across the Firm’s Strategic Advisory Services practice. Assigned projects will primarily encompass cybersecurity-related challenges, but can also include requirements related to physical or converged risk management, market research, industry and public policy analysis, due diligence, and strategic consulting.

The successful candidate will assist in maintaining client relationships, coordinating internal project team interactions, conducting research, reviewing documents, and producing and contributing to necessary deliverables to meet or exceed client needs. The candidate will be exceedingly well organized and flexible, have pronounced verbal and written communication skills, be a driven and efficient researcher, enjoy the challenges of working in a dynamic office, and demonstrate a high level of professionalism and discretion in handling sensitive business information and client issues. The candidate will demonstrate a desire and ability to further develop subject matter expertise related to cybersecurity risk and its implications for security programs, international security policy and the application of risk management principles.

Qualifications & Experience:

• Bachelor’s or Master’s degree in Computer Science, Engineering, Security Studies, History or relevant field
• 3-7 years of professional experience working in or supporting a corporate or government security/cyber defense program
• Strong understanding of, and proven experience in, some combination of:
    o Information technology (IT) security operations
    o Analysis of threat capability and intent, threat actor tactics, techniques and vulnerability mitigation
    o Security risk management policies and principles
    o Cybersecurity frameworks, standards and best practices
• Self-starter who is a team player that embraces collaboration
• Analytical thinker – ability to recognize nuances, anticipate client questions and defend findings and recommendations
• Demonstrated ability to prioritize tasks, work on multiple projects concurrently, and manage rapidly changing assignments
• Strong presentation and communications skills, with ability to understand, assess and articulate complex issues
• Strong proficiency in MS Office (Word, Excel, PowerPoint)
• Willing and able to travel up to 25% of the time domestically and internationally
• Have or be able to obtain U.S. Government National Security Clearance

Recommended but not required:

• Experience with scripting languages (Bash, PowerShell, Python, etc.)
• Experience in DevOps environment or IT operations
• Knowledge/use of the MITRE ATT&CK framework
• Prior experience in the delivery of high-end professional/advisory services
• Fluency in Spanish
• Relevant industry certifications (e.g., SEC+, CISSP, CISA, GPEN, GCIH)


Cybersecurity Risk Management/Strategic Advisory Services

• Execute and contribute to risk assessments that integrate threat, vulnerability and consequence, intelligence and information.
• Oversee process for discovery, analysis, evaluation and development of findings and recommendations in security projects. Develop an overall view on current-state and future-state cybersecurity maturity and effectiveness.
• Analyze open source information and intelligence.
• Weigh tradeoffs around risk reduction, ease of implementation, efficiency gains and regulatory drivers.
• Evaluate cybersecurity products and services.
• Formulate strategic action plans to address cyber risk in a way that aligns with business goals and objectives.
• Develop and present deliverables, findings and recommendations to clients in senior business roles, including C-suite stakeholders.
• Contribute security expertise to engagements led by senior team members and ensure assignments are completed as directed and on-time.
• Support sales and business development initiatives by preparing pitch materials, writing proposals and participating in meetings with potential clients.
• Cultivate and pursue new business opportunities with guidance from senior colleagues.
• Develop Chertoff Group content (e.g., whitepapers, blogs, podcasts, webinars, etc.) on selected security topics.

Project Management/Administrative

• Schedule and assign duties to colleagues, team members and subcontractors on complex programs and ensure assignments are completed as directed by engagement manager.
• Organize and coordinate with internal teams ranging from junior staff to former Federal agency heads and industry CEOs.
• Manage and organize administrative tasks, including contract execution, meeting/call scheduling, knowledge management, etc.
• Conduct project and CRM management using Salesforce or similar CRM or client management, project management or financial management systems and tools.