VP – Security Audit & Assurance

Job Description

Job Description: We are seeking a highly experienced VP to lead and enhance our cybersecurity audit and assurance programs. The ideal candidate will have extensive experience in conducting and managing penetration testing, red teaming, social engineering assessments, secure code reviews, and full-scale IT and cybersecurity assessments. This leadership role involves overseeing security audits, and strengthening our client’s overall security posture. #Immediate Joiner. Key Responsibilities: Lead cybersecurity audits and assurance programs across IT systems, applications, and infrastructure for our clients. Oversee penetration testing, red teaming, and social engineering assessments, ensuring effective security testing strategies. Manage secure code reviews and application security assessments to identify and remediate vulnerabilities. Collaborate with SOC teams, vulnerability management teams, and security engineers to enhance threat detection and mitigation. Lead security audit and certification efforts, including ISO 27001, SOC 2 attestations, GDPR etc. Ensure compliance with international security frameworks and data protection regulations (ISO 27001, SOC 2, GDPR, CCPA, NIST, HIPAA, etc.). Evaluate third-party security risks and conduct supplier security assessments. Provide executive-level reports on security assurance findings, risks, and mitigation strategies. Ensure compliance with global security standards and frameworks. Mentor and develop a team of cybersecurity auditors, penetration testers, and security analysts. Qualifications and Skills: 18-20 years of experience in cybersecurity audits, security assessments, and assurance programs. Deep expertise in penetration testing, red teaming, social engineering tactics, and secure coding. Strong knowledge of security frameworks such as OWASP, SANS, CIS, NIST 800-53, ISO 27001, SOC 2, and PCI DSS, HIPAA, GDPR. Experience with security testing tools (Burp Suite, Metasploit, Kali Linux, etc.). Ability to engage with executive leadership and present security risks effectively. Certifications preferred: CISSP, CISA, OSCP, CEH, CRTP, or equivalent. Show more Show less