Information Security Risk & Compliance Senior Auditor - Onsite

Depends on Experience

Full Time

    Skills

    Bachelor's Degree4+ years experience in information security governant IT audit and/or risk managementStrong understanding of security governance complaince and risk management principlesCISACISSP or CISM preferredCobIT audit experience preferred

    Job Description

     

    This position will be responsible for building and implementing programs, policies, and practices to ensure that the organization complies with industry and government regulatory compliance.  This role will support all company locations.  You will liaise closely with internal business units, Legal, HR and other relevant departments to increase security awareness, assess compliance and where necessary, provide support in remediating non-compliant areas.

    DUTIES AND RESPONSIBILITIES

    • Leverage organizational risk assessments to develop on-going strategy and deliverables.
    • Develop and communicate policies and procedures as they relate to IT security and risk management.
    • Identify and implement IT security training and awareness for both technical and non-technical audiences.
    • Provide guidance on standards and regulations, such as PCI DSS, EU GDPR, and FDA CFR that can be easily understood by the businesses.
    • Perform opt-out requests received from various sources.
    • Identify, investigate, report-on and remediate any detected security incidents.
    • Prepare for and maintain compliance programs associated with the NFL, MLS, and DHS requirements.
    • Assist in data protection program initiatives.
    • Evaluate effectiveness of existing controls and determining the impact of proposed changes to business processes, applications, and systems.
    • Communicate identified security risks to appropriate parties to ensure a clear understanding of the risks as well as potential mitigations.
    • Report on the status of compliance activities and remediation efforts.
    • Coordinate vendor risk assessment reviews and attestations.
    • Manage any associated risk assessments/audits required by business associates, partners, or affiliates.
    • Ongoing education in security practices and IT security regulatory compliance
    • Manage external/internal vulnerability/pen-test schedules and remediation.
    • Manage monthly attestation process, inclusive of reporting on and remediation of items discovered during this process.
    • Define and maintain departmental best practices related to security and compliance.

    SKILLS AND QUALIFICATIONS

    • Bachelor’s degree in information technology related field, management information systems, or business administration
    • 4 or more years of experience in information security, governance, IT audit, or risk management
    • Strong understanding of security governance, compliance, and risk management principles
    • Analytical ability to assess risks, adequacy of controls, and impact upon business processes
    • Ability to work and learn independently
    • Strong written and verbal communication skills with all levels of management
    • Ability to manage multiple tasks concurrently
    • On call availability

     CERTIFICATES, LICENSES, REGISTRATIONS

    • CISA or similar certification
    • CISSP or CISM certification preferred
    • CobIT or related IT audit experience preferred