Executes audits and risk assessments, communicates results of findings and makes recommendations for improvement through concise, high-quality reports
Ensures company management is knowledgeable of the risks of noncompliance to information security standards and regulatory requirements
Writes and revises policies, standards, procedures, guidelines and other documentation based on Tanium’s business needs
Participates in Information Security, Information Technology and Product Security projects driving the implementation of new process improvements and risk treatments
Works closely with Information Security, Information Technology, Product Security and System Owners to review and respond to security questionnaires and due diligence requests
Assists in the assessment and review of new vendors to ensure adequate levels of controls are in place to maintain compliance with security requirements
Prepares reports summarizing risk assessment findings and presents them to management
Recommends changes in business processes or policies to manage risks
Ensures compliance with regulatory requirements related to risk management
Monitors risks, proposing preventive measures and solutions to prevent future risks

Requirements

Bachelor's Degree in Computer Science, Engineering or equivalent experience
3-5 years in information technology / information security auditing, preferably within a software engineering environment
Technical knowledge of fundamental audit and risk concepts within the context of information technology and information security
Familiarity with one or more of the following frameworks: FedRAMP, StateRAMP, CMMC, ISO 27001:2013, SOC2, NIST Cyber Security Framework (CSF)
Experience writing audit findings, reports, policies, standards, procedures and guidelines
Comfortable performing technical interviews with technical personnel and business process reviews with non-technical personnel
Working knowledge of risk assessment methodologies, contingency planning approaches, data analysis techniques and improvement tools including root cause analysis, corrective action, preventative action, Plan-Do-Check-Act and the cost of quality
Working knowledge of improvement programs such as Total Quality Management, ISO 9001, Six Sigma, Theory of Constraints or Lean
Experience managing projects, implementing change and tracking their implementation progress
Excellent knowledge of risk analysis methodologies and tools
Strong analytical and problem-solving skills
Proficiency in risk management software

Benefits

medical, dental and vision plan
family planning benefits
health savings account
flexible spending account
transportation savings account
401(k) retirement savings plan with company match
life, accident and disability coverage
business travel accident insurance
employee assistance programs
disability insurance
other well-being benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

auditrisk assessmentinformation securityrisk managementdata analysisroot cause analysiscorrective actionpreventative actionPlan-Do-Check-ActISO 9001

Soft Skills

analytical skillsproblem-solving skillscommunication skillsproject managementcollaborationreport writingpolicy writingprocess improvementtechnical interviewingbusiness process review