Security Analyst (APPZ-SEXX)

Primary Responsibilities:

• Participate in planning, scheduling, and preliminary analysis for all internal and external audit projects.
• Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach, and deliverables.
• Work closely with external auditors and internal audit teams on managing and supporting the audits.
• Identify, document, and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of the audit project.
• Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas.
• Complete audit testing, inquiry, observation, and other analysis required to meet the objectives of audit projects.
• Communicate progress and results of audits throughout the audit engagements.
• Develop value-added recommendations to deal with issues identified during assigned audits and draft audit reports to formally communicate the results of the audit and related recommendations.
• Monitor implementation of outstanding audit recommendations and validate their implementation.

Required Skills & Qualifications:

• Bachelor’s degree in Information Systems or related field, or equivalent experience
• Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred. Other certifications add value such as Certified in Governance of Enterprise IT (CGEIT), Certified Information Security Manager (CISM), Certified Information Security Professional (CISSP), CPA, and/or CIA.
• Minimum 3 years of internal or external audit experience with Big 4 Audit Firms, with exposure to the following compliance frameworks AT101 Type2 SoC1 and SoC2 (SSAE16), ISO2700x, FedRamp, COPPA, ITIL, NIST, PCI DSS
• Understanding of Cloud industry technologies and IaaS, PaaS, SaaS platforms preferred. The ability to quickly acquire and apply knowledge of changing technologies implemented is essential.
• Good understanding of audit process/methodology, and risk management/advisory ability.
• Ability to adapt to a changing environment, meet deadlines, and handle multiple projects.
• Experience in using a risk-based audit approach in evaluations of and recommendations for management processes.
• Ability to present audit findings and recommendations in a manner that will be understood and accepted by all responsible parties.
• Posses the tenacity to pursue difficult and sensitive issues to an acceptable conclusion
• Excellent communication, interpersonal, time management and issue resolution skills.
• Excellent analytical skills, organizational skills, ingenuity and the ability to work as part of a team