Job Summary
Responsible for facilitating internal and external audits with internal Data and Control Owners and external auditing firms. Audits in scope include ISO 9001, ISO 27001, SOC 1, 2, and 3, and Service Provider Payment Card Industry Data Security Standard (PCI DSS).
Key Role and Responsibilities:
1. Facilitate training for internal employees covering in scope requirements, standards, and controls.
2. Conduct meetings to obtain, review, and analyze information from complex systems, including applications, operating systems, databases, and network device data, in order to identify risks and exposures and help identify compensating controls to reduce identified security gaps and risk.
3. Conduct meetings with internal employees and external auditors in order to address security control gaps identified in the information provided for review and evaluation by the external auditor.
4. Prepare weekly and monthly status reports providing details of outstanding audit items and the overall status of each audit.
5. Conduct weekly meetings to review the status of each audit and facilitate working sessions to help address open audit issues.
6. Closely manage multiple audits with varying deliverable dates across numerous stakeholders in order to drive successful completion of each audit engagement and provide visibility of roadblocks that could jeopardize an audit completing on time.
7. Perform research and analysis on various audit topics to gain insights and make recommendations to properly address in-scope issues.
8. Contribute to the overall success of the team and assist in capturing lessons learned and conducting postmortems to improve the processes and tools for our internal partnering teams and the PCI audit management team.
9. Create postmortem presentations identifying issues encountered during the audit that must be addressed to ensure compliance with all applicable requirements, standards, and controls.
10. Ensure the appropriate Data and Control Owners have visibility of the postmortem issues and that they provide remediation plans to address all open issues.
Desired Skills
1. Bachelor’s degree in Computer Science, Information Systems, or Accounting is preferred.
2. 5 – 10 years of experience in IT operations, Security Operations, and Auditing is preferred.
3. In-depth knowledge and experience in IT Security, access controls, network security, logging and monitoring, vulnerability assessments, system hardening, and secure software development is preferred.
4. In-depth knowledge of auditing practices and experience with ISO 9001, ISO 27001, PCI DSS, and AICPA SOC audits is preferred.
5. The following certifications are an asset: CISSP, CISM, CCSK, CCSP, Project Management, and CISA.
Required Skills
1. Advanced audit management, project management, time management, Microsoft PowerPoint, Excel, Outlook, and Word skills.
2. Advanced verbal and written skills.
3. Proven ability to perform complex analysis of data to determine trends and develop action plans.