About Andesite:

Cybersecurity analysts are drowning in an increasingly data-dense security environment. Teams are overburdened. The industry faces a dire talent shortage that threatens the resilience of both government and commercial organizations. 

Andesite is building the next generation cybersecurity analyst experience. Our mission is to supercharge the analysts protecting our country’s networks. When analysts work in our advanced AI security analytics platform, they can analyze decentralized data sets at scale and more quickly respond to threats. They become better and smarter, just by doing the things they’re already built to do. 

We have deep experience with this problem. Our team is born out of the security community and comes from a diverse range of backgrounds and experiences including the CIA, NSA, military, big tech, and start ups.  

We are backed by top investors like General Catalyst and Red Cell Partners. After raising a $15M seed round, we are rapidly scaling. 

Available Location: McLean, VA (hybrid) or Remote (in United States)

The Role:

Andesite is looking for an Audit Manager to join our Security & Compliance team to design, assess, and evaluate our information security and compliance controls, policies, and procedures. You will focus on ensuring our information assets meet rigorous third-party compliance requirements. You have a track record of successfully moving audits to successful closure. As the Audit Manager, you will ensure controls adequately protect and align with industry standards, regulations, and best practices—and more importantly, the controls maintain security measures appropriate for a software-as-a-service vendor.

What You’ll Do:

• Audit Management: Design and conduct detailed assessments and audits for FIPS and NIST 800-53 (Rev. 5), High category for FedRAMP High, and Trust Services Criteria for SOC 2. This includes conducting regular security audits and assessments to identify security controls and processes vulnerabilities and recommending improvements.
• Audit Development: Create and conduct quarterly internal audits to prepare for third-party and customer audits, focusing on security effectiveness and compliance requisites.
• Security by Design: Identify security and other weaknesses in systems and networks and create strategies to capture and close non-conformities, working with control owners to prevent or limit security breaches and ensure our commitments are met. This also includes developing and implementing security measures to protect computer systems and networks.
• Cross-Functional Collaboration: Collaborate cross-functionally across internal functions such as executives, product, engineering, and sales, with the ability to communicate complex technical topics.
• Third Parties: Develop and maintain positive relationships with clients, third-party assessors, and providers to ensure effective communication, timelines, and reporting.
• Thirst for Knowledge: Stay current on the latest or impending revisions to third-party compliance, regulations, and the latest cybersecurity trends, threats, and technologies to ensure audit activities focus on the security posture remaining strong and compliant.

What You Have:

• 5+ years of audit experience, including time at a rapidly scaling startup
• Bachelor’s degree in computer science, Information Technology, or related field
• Must have a current CISA (certified information security auditor) or similar professional certification
• Expertise with regulations and standards, such as FedRAMP, SOC 2, CMMC, NIST, ISO, PCI, and HITRUST – preferably in SaaS
• Experience auditing security controls such as VPN, data loss prevention, IDS/IPS, firewalls, containers, and orchestration
• Familiarity with cloud computing and virtualization technologies
• Experience with governance, risk, and compliance (GRC) tools
• Experience working with and assessing vendors and suppliers
• Strong leadership and management skills
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Strong understanding of IT security principles and practices
• Excellent communication, collaboration, and reporting skills
• An ability to work under pressure with aggressive timelines in a fast-paced environment

Even Better If You Have:

• Master’s degree in computer science, Information Technology, or related field.
• Certification such as CISSP or CISM.
• Experience with NIST AI RMF.

What We Offer:

• Top-of-market competitive salary, bonus, and equity package
• 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
• Unlimited PTO, with your manager’s approval
• Flexible work environment where you manage your work day
• A remote-first environment, with occasional travel to collaborate with customers, your team, and teammates from across the company in person
• Home office reimbursement
• 14 weeks of fully-paid parental leave

Salary Range: $140,000 -$175,000. This represents the typical salary range for this position based on experience, skills, and other factors.

Andesite is an equal opportunity employer, and qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.

We encourage candidates from all backgrounds to apply, even if you don’t feel like you’re a perfect fit. If you’re passionate about contributing to our mission, we’d love to hear from you!

#LI-RCP