Job Title: Security Audit Analyst
Location: 100% Remote
Skills: Must have experience with SOC2, HIPAA, auditing, compliance, risk management, and testing
Salary: $90k - $130k base (+full benefits, bonus, etc.). This is a full-time, direct-hire role. No contracting.
We are in startup mode in terms of governance, and are looking for someone who will excel in this arena.
This position will be responsible for implementing security measures and monitoring the effectiveness of IT controls for security. This position participates in raising the level of security awareness among employees, works to assess branch facilities for security, works with external vulnerability assessments and auditor activities, and assists with security policies, activities, standards, and mitigation of information security risks.
Essential Duties and Responsibilities
-Primary person responsible for Third Party Risk Management, assessment requests, vendor evaluations and remediation oversight
-Track enterprise compliance across several security frameworks including NIST and SCF.
-Develop and deliver operational and executive reports / metrics to track and report on security initiatives, processes, and risks.
-Aid development of security processes and procedures and manage security controls.
-Engage in the development of security and privacy awareness training.
-Perform information security assessments, compliance gap analyses, and risk assessments
-Develop written information technology and security policies and procedures
-Work directly with clients to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance
-Prepare reports and other deliverables that contain strategy, technical analysis, findings, and recommendations
-Provide approved responses to client inquiries and maintain library of records, documentation, and responses
-Ensure key security controls are identified, implemented, tested, and remediated as required
-Manage / configure enterprise GRC tool.
Education
-Minimum 4 Year / Bachelor's Degree in a related field
-Certification - One or more of the following Certifications: CISSP, CRISC, CISA, CISM or other equivalents
Experience
-Minimum of 3-5 years of experience in Information Security, with combinations in operational security, risk management, IT, Compliance and Audit.
-2 years of experience specific to Security Risk Management and Compliance programs, process and execution.
Knowledge, Skills, and Abilities
-Ability to write solution workflow diagrams, system documentation, playbooks, etc.
-Strong analytical skills
-Excellent written and verbal communication skills, including presentation skills
-Ability to work with others in both individual and team settings.
-Understanding of or experience with industry and regulatory standards, including NIST 800-53, HIPAA Security Rule, ISO 2700x, AICPA SOC 2, PCI DSS, GDPR, CCPA
-Prior experience auditing and performing quality control actions of audits.
-Experience with GRC tools for information gathering and reporting
-Expertise and understanding of five or more of the following areas:
-Cyber risk program management and delivery
-Security architecture
-Security technologies (e.g., firewalls, security event monitoring, intrusion detection and prevention, malware detection)
-Data protection
-Application security/SDLC
-Third party risk management
-Cloud security
-Security Training & Awareness
Benefits
Applicants must be authorized to work in the U.S.
Jen Dorand is recruiting for this position and the positions below.
Employees will receive paid leave to the extent required by state or local law. This job was first posted by CyberCoders on 05/02/2024 and applications will be accepted on an ongoing basis until the position is filled or closed.
CyberCoders, Inc is proud to be an Equal Opportunity Employer
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, status as a crime victim, disability, protected veteran status, or any other characteristic protected by law. CyberCoders will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable state and local law, including but not limited to the Los Angeles County Fair Chance Ordinance, the San Francisco Fair Chance Ordinance, and the California Fair Chance Act. CyberCoders is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please contact a member of our Human Resources team to make arrangements.
Your Right to Work – In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.