Cybersecurity Auditor

Job Summary:

A SOC (Security Operations Center) Auditor is a cybersecurity professional responsible for monitoring, detecting, and responding to security threats within an organization's IT infrastructure.

This role acts as the first line of defense against cyberattacks, working to identify, analyze, and mitigate security incidents. The successful candidate will have a strong understanding of Schellman Methodology and relevant professional standards.

• Demonstrate proficiency in Schellman Methodology
• Guide associates and peers
• Obtain certifications such as ISO LA, CISA, CISSP, AWS CCP
• Successfully run a project from fieldwork through completion
• Understand and demonstrate ability to speak to service lines at a high level and their leaders
• Demonstrate proficiency of SOC 1 GITCs and each Security, Availability, Processing Integrity, Confidentiality, and Privacy SOC 2 criteria
• Demonstrate understanding of Principal Service Commitments and System Requirements and how they impact scope of a SOC 2
• Know all four report opinion outcomes and ability to draft modified opinions
• Demonstrate ability to identify if exception(s) would potentially yield a qualified opinion
• Demonstrate self-organization, consistently and proactively look ahead to future projects, and prepare accordingly
• Schellman Methodology
• Read STMV quarterly, and demonstrate ability to apply concepts (sampling methodology, TA language structure, exception wording, etc.)
• Review and demonstrate ability to apply concepts of AS 2.0 Reference Guide
• Review and demonstrate ability to apply concepts of "EWP WP Guidance"
• Obtain CCSK and begin pursuing second certification such as ISO 27001 LA, CISA, AWS CCP
• Understand and demonstrate ability to articulate differences between SOC 1 and SOC 2
• Participate on project as a shadow or assessor for attestation offerings such as HIPAA, AUP, C5, etc.
• Begin understanding SOC 1 GITCs and each SOC 2 criteria for the Security, Availability, and Confidentiality categories
• Ability to articulate qualified vs unqualified opinion; know all four types of opinions
• Learn services and service line leaders
• Adhere to and complete all matters included in the Associate Score Card
• Accurately manage and report time worked to each project / initiative

• Working knowledge of services, methodology, and relevant professional standards
• Requisite knowledge of applicable technology and security domains
• High level of attention to detail and quality of work product
• Client service-oriented
• Excellent time management, organizational, and verbal and written communication skills
• Ability to work on-site or remotely as a valuable contributor to a collaborative team
• Capable of simultaneously managing assigned tasks for multiple projects
• Proficient using Microsoft Word, Excel, and PowerPoint, as well as service delivery applications
• Full understanding and application of ethics, independence and values

• Bachelor's degree in accounting, finance, business management, technology, or other relevant subject area, or equivalent years of experience directly related to the duties and responsibilities specified
• 2+ years of related professional services experience in information security auditing, assessment, consulting or compliance, focused on ITGC or SOC controls
• Ability to work well independently, within a team and with clients as well as travel ~40-50%
• Maintains (preferred) or working towards obtaining least one certification relevant to services (i.e. CPA, CCSK or CISA)