TPRM Auditor
1 month ago
VISO Trust is a venture-backed startup with a fully remote workforce based in North America. When hiring, we look for signs that a candidate will thrive in our culture, where we put people first and value ownership, curiosity, honesty and humility in the pursuit of excellence. We also value our differences, employing a team rich in diverse perspectives and experiences. We are dedicated to equal employment opportunities regardless of status or membership in a protected class or lack thereof.
Key Skills
● Strong analytical/critical thinking skills
● Excellent written and verbal communication and organisational skills
● Ability to perform policy and standard gap analysis based on leading security frameworks
● Knowledge of common control and policy taxonomies and hierarchies and related language
● Knowledge of common third-party assurance documents, their structure and analysis, such as AICPA SOC reports, PCI DSS ROC, HITRUST, ISO 27001 Statements of Applicability, etc.
Responsibilities
● Apply Company methodology to evaluate control presence and determine risk
● Document assessment procedures for subsequent automation
● Review business and technical assessments, questionnaires and related documentation
● Schedule and conduct review calls with third parties: ensure questionnaires are sent to third parties and track them, track and report on abandoned third parties, receive and review questionnaire responses, and finalize reports
● Coordinate other due diligence that needs to be done in addition to the security questionnaire when needed
● Collaborate with the Company Audit, Product, Engineering and Machine Learning personnel to develop continued program process and platform improvements
● Report on assessment outcomes, risk levels, and remediation progress
Requirements
● Bachelor’s degree with a major in Information Security or equivalent combination of education and experience, i.e. CISSP, CISA, CIPP, CRISC, CEH, and/or CISM
● 4-6 years of experience with third-party cyber risk management
● Have performed IT risk assessments against OWASP, PCI, GLBA, NIST, ISO, SIG/AUP or other standards
● Strong knowledge base in information security, risk management, privacy, operations, enterprise networking, systems evaluation, and architecture
● Ability to discern business-relevant risk associated with technology control deficiencies, and to identify the corresponding remediation required to mitigate the business impact
● Knowledge of security, risk and privacy regulatory frameworks such as NIST, SOX, PCI, HIPAA, ISO, Safe Harbor, CSA, etc.
● Self-starter who can function independently with limited direction but work closely with others when necessary
Submit your resume below to apply for this position or share at