Opening For Senior Cybersec Analyst Lead Auditor

Position

Position Summary:

• Develop and/or enhance program documentation and communication templates used within the program.
• Perform review and validation of documentation and evidence of compliance. Manage and ensure applicable remediations and implementations are executed.
• Collaborate with peers on compliance schedules and deliverables.
• Identify and implement process improvements for internal processes and those related to other IT teams.
• Manage audit requests from both internal and external auditors and review of evidence gathered from IT to ensure integrity, completeness and relevance.
• Manage and assess approval requests for elevated access of information or systems.
• Performs other related duties and participates in special projects as assigned.
• Interpreting security industry standards (CIS20, NIST 800 series, ISO 27001, SOC2, HITRUST).
• Appropriate candidate has in-depth knowledge of security controls, interpreting control requirements for SOC 2, ISO, or HITRUST audits, reviewing control evidence for completeness an accuracy, and ensuring evidence provided to auditors satisfies control requirements.
• Candidate must be capable of planning and leading meetings with control owners and external auditors. They are capable of clearly defining control requirements to control owners or explaining control evidence to external auditors.
• Performs other related duties and participates in special projects as assigned.

Job Knowledge & Skills

• Bachelor degree in Computer Science, Information Systems or discipline related to functional work or role with 5+ years of relevant work experience OR demonstrated ability to meet the job requirements through a comparable number of years of applicable work experience.
• Must have excellent communication skills; both verbal and written.
• IT Audit or Security Certifications such as CISA, ISO 27001LA, SOC2 is strongly preferred.
• Strong documentation skills to properly record appropriate responses in alignment with analysis.
• Supports all aspects of the Information Security Risk Management and Security Awareness Program.
• Identifies security risks that pose a threat to the Companys operations.
• Partners with internal teams to develop plans for risk reduction associated with gaps identified.
• Prepares reports and metrics related to the Risk Management and Security Awareness Program
• Internally assess, evaluate and make recommendations regarding the adequacy of the security controls for the information and technology systems.
• Perform risk assessments, document and track findings through resolution.
• Assist with the implementation of a role-based information security training curriculum and content for high risk positions including developers and IT staff.
• Manage Phishing campaigns across the organization including tracking repeat offenders and remedial training.
• Knowledge of NIST 800-53, NIST CSF, HITRUST, HIPAA, ISO 2700x, and other leading industry security standards and frameworks
• Knowledgeable in security concepts, techniques, tools, methods and practices
• Proven relationship management expertise with both business and technical personnel
• Articulates the value of security controls and their potential business Impacts
• Strong risk analysis, customer service, problem solving, and consulting skills
• Able to interpret and apply policies, standards and procedures in business relevant and applicable way
• Proficient with Microsoft Office Suite (Word, Excel, Power Point)
• Professional with ability to properly handle confidential information
• Ability to work well independently and in a team environment
• Ability to handle multiple tasks, prioritize and meet deadlines
• Ability to work within a matrix organization
• Must have flexibility and willingness to participate in the work processes of an international organization, including conference calls scheduled to accommodate global time zones.