As an Information Security Auditor, you'll be responsible for safeguarding internal company data and client data through robust information security, compliance, and risk management programs.
Manage the development, deployment, and execution of controls and defenses to ensure the security and compliance of our technology infrastructure and data assets.
Develop and execute security controls, defenses, and countermeasures to prevent attacks on email, data, e-commerce, and web-based systems.
Administer policies to control access to systems.
Facilitate audit testing for SOC 2, PCI DSS, and develop and monitor controls, and assist with remediation guidance.
Lead audits of cloud environments, information systems, and security tools to ensure adherence to frameworks, laws, and regulations.
Support comprehensive assessments of security controls to determine their effectiveness and ensure they meet security requirements.
Guide stakeholders on securing systems and liaise with auditors and compliance teams to implement compensating controls.
Research best practices and trends in information security, ensure execution of required testing, and lead remediation activities for successful security audits/certifications.
Identify weaknesses in internal controls, provide guidance on improving security compliance processes, and partner with stakeholders to implement solutions.
Ensure alignment with internal policies and external regulatory requirements, continuously identify process enhancements, and stay current on changing regulatory requirements and industry frameworks.

Requirements

Bachelor's degree with 4-6 years of related experience or equivalent work experience.
3+ years of experience in external/internal audit roles managing and leading AICPA SOC 2, and PCI DSS.
Knowledge of industry frameworks and standards such as ISO/IEC 27001:2013, PCI DSS, NIST CSF, and NIST 800-53.
Experience implementing and/or assessing IT security controls to meet security, compliance, and audit requirements.
Possess or be working towards professional security certifications such as CISA, CISSP, CRISC, CCSP, CISM, GIAC, QSA, or similar.
Expertise in building consensus across business partners and technology leaders, and influencing successful outcomes.
Strong project management and communication skills, including the ability to gather relevant data, work in a team environment, and manage conflict.
Experience assessing controls within multi-cloud environments and effectively communicating results to stakeholders.
Assist with documenting control objectives and procedures in areas such as cybersecurity, cloud security, governance and compliance, DevSecOps, data security and protection, incident response, enterprise security architecture, and technology risk management.
Strong business and technical aptitude and problem-solving skills.
Enthusiasm to learn through structured, on-the-job, and self-directed training.
Ability to communicate security-related concepts to a broad range of technical and non-technical staff.

Benefits

Insurance coverage (medical, dental, vision, life, and disability)
Flexible paid time off
Paid holidays
401(k) plan with company match
Remote work

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securityrisk managementsecurity controlsaudit testingcloud securitycybersecurityDevSecOpsdata securityincident responsetechnology risk management

Soft Skills

project managementcommunicationproblem-solvinginfluencingteam collaborationconflict managementstakeholder engagementconsensus buildingguidanceresearch

Certifications

CISACISSPCRISCCCSPCISMGIACQSA