Internal IT Security Auditor

***Hybrid, 3 days onsite, 2 days remote***

***We are unable to sponsor as this is a permanent full-time role***

A prestigious company is looking for an Internal IT Security Auditor. This role will focus on auditing the company s internal IT security. They will be conducting risk-based audits and assessments, cyber security reviews, etc.

Responsibilities

• Support the team on delivery of assigned audits within the annual audit plan.
• Owning the audit quality, accuracy of results, and delivery in a timely manner.
• Proactively identify regulatory, operational, and/or strategic risks to the organization and bring them to your engagement team.
• Evaluate exceptions or inefficient practices for root causes and propose advice and recommendations for achievable solutions.
• Leading audits related to organization changes including business requirements definitions, technology implementations (e.g., change management, security), engagement and alignment of change initiatives to business objectives.
• Maintaining an understanding of policies, procedures, standards, and supporting technologies, and educating staff accordingly, to effectively identify potential risks and alternatives to mitigate risk exposure leveraging leading practices.
• Ability to understand professional principles and standards (e.g., AICPA, IIA IPPF, COBIT, NIST CSF) and the relevancy to risk management and impact on policies and procedures.

Qualifications

• Bachelor s degree (or equivalent) in Information Technology, Computer Science, Computer Engineering, Accounting, Finance, Business Administration, or related field.
• 4+ years of experience (audit-related) in conducting risk-based Information Technology and Security audits and projects, cyber security reviews, and internal audits.
• Certified Information Systems Auditor (CISA)
• Experience using the principles, practices, and techniques involved in conducting audits in accordance with the requirements set forth in the International Standards for the Professional Practice of Internal Auditing published by the Institute of Internal Auditors (IIA).
• Microsoft Office applications
• Familiarity with security tools such as: CyberArk, Splunk, SailPoint
• Familiarity with change management tools such as: ServiceNow, Jira, Confluence, GitHub
• Familiarity with databases such as: Oracle, DB2, SQL
• Familiarity with cloud based solutions: AWS, Azure, Oracle Cloud, Workday
• Proficiency using Archer or other audit or Governance Risk and Compliance (GRC) software