Lead audits/assessments full cycle including audit plan preparation, review of documentation and evidence, evaluation of procedures, and client interviews.
Prepare, review and approve assessment reports.
Manage priorities, tasks and hours on projects in conjunction with the project manager to achieve delivery utilization targets.
Manage quality throughout the entirety of the engagement, while providing direct coaching and revisions to work products.
Ensure quality products and services are delivered on time.
Escalate client and project issues to management in a timely manner to inform and engage the necessary resources to address the issue.
Provide mentorship to team members in areas of audit, assessment, technical review and writing.
Interface with clients through entire engagement, interacting will all levels of client organizations. Establish and maintain positive collaborative relationships with clients and stakeholders.
Continuous professional development in maintaining industry specific certifications. Maintains strong depth of knowledge in the practice area.
Collaborate with project managers, quality management, sales and other delivery team members to drive customer satisfaction and meet project deliverables.
Establish account relationships and identifies upsell and cross sell opportunities and escalates to sales.
Travel 25-50%
Ability to be successful when working remotely.

Requirements

Current PCI-QSA certification preferred (will consider former QSA)
One of the following Information Security certifications required: CISSP, CISM or ISO 27001 Lead Implementer.
One of the following Audit certifications required: CISA, GSNA, CIA, IRCA ISMS Auditor or higher, or ISO 27001 Lead Auditor.
Familiarity with other common IT Audit frameworks (SOC 2, ISO 27001, FedRAMP, HITRUST, etc.)
Bachelor's degree (four-year college or university) or equivalent combination of education and work experience.
Strong knowledge of the PCI-DSS security standards.
5+ years of experience in an IT Security Audit and/or Compliance role.
Experience preparing and presenting Tier 1 and Tier 2 Reports on Compliance (ROCs).
Experience performing IT security risk assessments and gap analysis.
Strong excel skills with ability to develop worksheets with complex formulas.
Experience interacting with management in a consultative manner.
Strong IT understanding with respect to networks, servers, workstations, and applications.
Excellent communication and presentation skills. Ability to facilitate meetings of small or large groups.
Strong written and verbal communication skills including the ability to explain technical matters to a non-technical audience.
Strong Consulting skills with executive leadership and technical professionals; ability to advise and challenge the status quo while building strong relationships.
Positive attitude.
Diplomatic and broad minded.
Ability to build high-trust relationship and credibility quickly both internally and externally.
Strong attention to detail, strong problem solving, decision-making, organizational and analytical skills.
Ability to prioritize and manage multiple initiatives/projects.
Ability to be self-driven and have strong independent initiative.

Benefits

paid parental leave
flexible time off
certification and training reimbursement
digital mental health and wellbeing support membership
comprehensive insurance options

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IT Security AuditComplianceRisk assessmentsGap analysisExcelTechnical reviewAssessment reportsAudit plan preparationDocumentation reviewClient interviews

Soft Skills

CommunicationPresentationConsultingMentorshipRelationship buildingProblem solvingDecision-makingOrganizational skillsAttention to detailSelf-driven

Certifications

PCI-QSACISSPCISMISO 27001 Lead ImplementerCISAGSNACIAIRCA ISMS AuditorISO 27001 Lead Auditor