Senior Information Security Auditor_TC230224

Contenuto del lavoro

Job Summary

In every security standard and local authority, InfoSec and Cybersecurity are the key elements in the governance level (e.g., SEC (registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance).

Thus the 3-core requirement is important to bring up a successful InfoSec and Cybersecurity to a company,

In the InfoSec team, we’d need a member who understands both InfoSec and IT techniques.

The difference between an InfoSec technician and an IT technician is, that InfoSec is based on regulations/standards and is also familiar with IT technologies, so he/she has the ability to analyze/identify the technology flaws. The IT technicians are focused on IT solutions (equipment, OS, front-end software, etc.)

Essential Duties And Responsibilities

• Analyze systems, security controls, and event logs to detect the nefarious activity of the company. Provide regular reports to the team on security incidents, risks, and the overall effectiveness of security measures.
• Audit the company’s security controls to ensure they work correctly; Plan, document, and conduct complex audit assignments and projects.
• Audit access throughout systems/applications and ensure access is at appropriate levels of the company.
• Collaborate with/across teams and architects to ensure security compliance.
• Work with multiple stakeholders (internal and external) to assess and identify security compliance gaps and propose technical and operational remediation solutions.
• Contribute to the annual risk assessment and development of the audit plan for assigned businesses or corporate staff groups.
• Develop skills for ISO committee members across teams. Conduct audit fieldwork in accordance with department, and company standards.
• Provide consulting services to internal terms including all unit leaders and members.

Qualifications

• BA/BS degree in MIS, business, finance, or a related field; or the equivalent in education and work experience.
• Certifications preferred including (e.g., CISA, CISSP, CIA, CPA);
• Minimum 4-5 years experience working as an IT auditor or IT risk adviser for a public accounting firm or within the industry.
• 7+ years of Information Technology experience.
• Ability to communicate effectively to technical and non-technical audiences, in both written and verbal formats.
• Knowledge and experience in performing audits of technology projects and programs (SDLC reviews);
• Experience auditing and evaluating infrastructure, cyber security risks/controls, and auditing operating systems.
• Prior experience focusing on information technology systems.
• Must be effective at communicating issues through written reports, verbal discussions, and presentations.
• Preparing written reports of completed audits and presenting results to Management.
• Working knowledge of internal control analyses and risk assessment methodologies.
• Strong organizational, communication, and interpersonal skills in order to work with all levels of management are required.
• Ability to work a flexible schedule during key business timelines.