Management of ISO27001:2013 & SOC2, Type 2 certification, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST800 compliance and framework management, disaster recovery program management, as well as other GRC subject matter expert related duties in support of the Information Security team.
Ability to conduct thorough risk analysis, control identification and audit program development. Demonstrate the ability to multi-task, by clearly documenting the results of testing on more than one audit concurrently.
Effectively communicate audit issues and related recommendations in both technical and non-technical terms to Operational and IT management.
Demonstrate technical knowledge of routine IT systems and processes and continue development of technical and analytical skills to understand more complex technologies. Interpret the associated risks, develop a testing approach, and propose solutions.
Lead the initial root cause analysis process, influencing problem solving efforts and participate in department-wide CI efforts.
Demonstrates increased technical understanding of data analysis concepts and practices.
Shares knowledge and experience with less experienced team members.
Documentation review; drafting of policy, procedures and standards, certification and accreditation documents
Collaborate with Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies from new and emerging risks
Serve as an IS liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions)
Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with position
Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
Define and deliver EIS GRC metrics, analytics, and scorecards
You should possess industry-specific knowledge regarding security-related regulations and controls, such as ISO 27001, SOC 2, FedRAMP, and NIST 800.
Two or more years of IT audit or information technology experience with a focus on information security, risk management, or system development.
Demonstrated ability to evaluate internal controls, execute large portions of an audit independently, analyze and solve complex problems, conduct research, and express ideas clearly, concisely and persuasively both verbally and in writing. Demonstrates a strong understanding of business ethics.
You are proficient in IT audit skills as typically acquired through a Bachelor's degree in Computer Science, Management Information Systems or a comparable field.
You should be able to work well with people from many different disciplines with varying degrees of technical experience.
You should be able to adapt to a dynamic, rapidly changing business and technical environment, exercise good professional judgment, maintain confidentiality, manage projects through the entirety of the life cycle, and develop security standards and guidelines based on best practices and industry standards.
Infosec related training or certifications such as CISSP, CISA, or CISM.
GRC automation software, ServiceNow, or other compliance and workflow tools.