Work from Office
Full Time
The Audit Associate is responsible for understanding security requirements to meet industry best practices, with a focus on certification and regulatory requirements. As part of this role, the Audit Associate is responsible for mapping these requirements to security controls and actionable practices across various functions within the company. In some instances this individual will be responsible for designing security controls that best fit our environment while maintaining security compliance. Finally, the role involves applying automation to as many controls as practicable to ensure ongoing compliance (e.g., evidence collection) and managing compliance programs from a centralized governance management system.

Duties and Responsibilities:
- Support our ISO Audits, and conduct internal audits and operational audits.
- Review the business processes, develop and update Risk and Control Matrices (RCM), flowcharts, and testing procedures.
- Prepare and maintain testing workpapers as well as ensure timely completion of testing.
- Participate in assessing and analyzing the impact of control deficiencies and audit findings.
- Gain stakeholder agreement on root causes of issues and appropriate corrective actions, while maintaining positive business relationships.
- Perform all phases of applicable audits including planning, execution, close meetings, and reporting.
- Assist the Audit Lead, the Chief Audit Executive and other stakeholders to identify areas of improvement as well as recommend industry-wide best practices.

Desired Skills:
- Bachelor's degree preferred or equivalent combination.
- 2 years of relevant work experience in ISO and/or Internal Audits. Big 4 or similar auditing experience is desirable.
- Experience in supporting the execution of ISO program, control principles (e.g. COSO) and other internal audits.
- Understanding of Information Security and Governance Risk and Compliance (GRC) terms, terminology and practices.
- Strong communication skills for communicating at various levels in the organization.
- Familiarity with common technical security controls and control frameworks such as ISO 27001/2/17/18, SOC2, GDPR, NIST CSF, NIST 800-53, among others.
- Industry recognized certifications are a plus, e.g., COMPTIA +, etc.
- Team-oriented and will promote execution and change through influence and partnership.
- Experience clearly articulating information security risk into business terms and presenting to company management.
- Detail and team orientated; ability to work both independently and as a team member.
- Self-starter, ability to proactively problem-solve, identify, advocate for and execute improvements.
- Ability to maintain a positive attitude and embrace change, thrive in a fast-paced environment.
Yubi
9.0 - 10.0 Lacs P.A.
India