IT Auditor

Job Opportunity:

A Cybersecurity Professional is responsible for monitoring, detecting, and responding to security threats within an organization's IT infrastructure. They act as the first line of defense against cyberattacks, working to identify, analyze, and mitigate security incidents.

Responsibilities:

• Demonstrate proficiency in auditing methodology
• Guide colleagues and peers
• Obtain relevant certifications (ISO LA, CISA, CISSP, AWS CCP)
• Successfully manage projects from initiation through completion
• Understand and demonstrate ability to speak to service lines at a high level and their leaders
• Demonstrate proficiency of SOC 1 guidelines and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteria
• Demonstrate understanding of principal service commitments and system requirements and how they impact scope of a SOC 2
• Know all four report opinion outcomes and ability to draft modified opinions
• Demonstrate ability to identify if exceptions would potentially yield a qualified opinion
• Demonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly
• Review and apply concepts of auditing methodology
• Review and apply concepts of AS 2.0 Reference Guide
• Review and apply concepts of EWP WP Guidance
• Obtain CCSK and begin pursuing second certification (ISO 27001 LA, CISA, AWS CCP)
• Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2
• Participate on projects as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.
• Begin understanding SOC 1 guidelines and each SOC 2 criteria for the Security, Availability, and Confidentiality categories
• Ability to articulate qualified vs unqualified opinion; know all four types of opinions
• Learn services and service line leaders
• Adhere to and complete all matters included in the Associate Score Card
• Accurately manage and report time worked to each project / initiative

Required Skills and Qualifications:

• Working knowledge of auditing services, methodology, and relevant professional standards
• Requisite knowledge of applicable technology and security domains
• High level of attention to detail and quality of work product
• Client service-oriented
• Excellent time management, organizational, and verbal and written communication skills
• Ability to work on-site or remotely as a valuable contributor to a collaborative team
• Capable of simultaneously managing assigned tasks for multiple projects
• Proficient using Microsoft Word, Excel, and PowerPoint, as well as auditing applications
• Full understanding and application of ethics, independence and values

Benefits:

• Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified
• 2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controls
• Ability to work well independently, within a team and with clients as well as travel ~40-50%
• Maintains (preferred) or working towards obtaining least one certification relevant to auditing services

Other Opportunities:

• Shadow or assist experienced auditors on engagements
• Develop skills and knowledge in emerging technologies and methodologies
• Collaborate with cross-functional teams to deliver high-quality results
• Pursue certifications and continuous education to advance career