Audit Manager

Job Description

Client questionnaires Security auditing ISO 27001:2022 Audit coordination NIST CSF Audit program development Security Analyst / Client Analyst experience Good to Have: CISSP certification ISO certification OneTrust GRC tool experience Role Overview: We are seeking an experienced and motivated Infosec Audit Manager to join our Information Security and Risk Management team. This role reports to the Director of Information Security Governance, Risk, and Compliance and supports the CISOoffice. You will be responsible for managing and coordinating internal and external audits while ensuring regulatory compliance and enhancing the organizationsecurity posture. The ideal candidate is a self-starter with deep technical knowledge, strong audit and compliance experience, and excellent communication and relationship-building skills. Key Responsibilities: Audit Management: Develop audit programs and plans for ISO, SOC 2, and other audits. Manage internal and external audit engagements and coordinate evidence collection through the OneTrust GRC tool. Oversee the entire audit process, ensuring compliance with relevant standards and frameworks. Review audit reports, management responses, and supporting documentation to ensure accuracy and quality. Identify gaps and provide actionable, practical recommendations for improvement. Validate the sufficiency of evidence in line with control requirements. Design both automated and manual control testing methodologies. Governance, Risk & Compliance (GRC): Support the implementation of compliance-by-design and security-by-design principles across the organization. Assess compliance with evolving regulatory requirements such as ISO 27001, NIST 800-53, SOC 2, and HIPAA. Coordinate with stakeholders to perform internal control testing and risk assessments. Conduct internal compliance assessments and prepare stakeholders for external audits. Develop and maintain scalable models and tools for compliance management and reporting. Draft and review internal policies, provide feedback, and support operationalization of policies. Generate audit dashboards and reports for leadership to drive informed decision-making. Stakeholder Engagement & Collaboration: Collaborate effectively across teams and establish strong relationships with control owners and operators. Promote a culture of compliance and awareness aligned with the firmrisk tolerance. Provide guidance and training on security and compliance practices. Experience & Qualifications: Bachelordegree in Computer Science, Engineering, or related field (or equivalent work experience). 812 years of relevant experience in information security audits and compliance. Hands-on experience with security frameworks and standards: ISO 27001:2022, SOC 2, NIST 800-53, NIST CSF, COSO, HITRUST. Experience with regulatory compliance (e.g., HIPAA).