IT Audit & Risk Assessor

Responsibilities:

• Manage CJIS obligations, including monthly and yearly audits, clearances for employees, and associated CJIS efforts
• Assist with Federal and international government security audits (e.g. FedRAMP, StateRAMP, Canadian government compliance obligations Strategize and outline goals and objectives of the GRC (IT Audit and Risk management) programs.
• Assist with security efforts to meet HIPAA, SOC 2 Type I & II, and other compliance requirements.
• Work directly with Information Security, Legal, HR, Compliance and Development teams to ensure secure IT and IS best practices are fully adopted at Filevine.
• Help train employees on auditing secure coding techniques to mitigate the need for break-fix/out-of-band patching.
• Review audit, compliance and risk assessment issues that arise and manage them to resolution.
• Provide audit frameworks and risk assessment methodologies contemplating new software solutions to help mitigate security vulnerabilities and other business risks.
• Maintain documented Policy and Procedure libraries for compliance purposes.
• Complete Third-party vendor risk management and security questionnaires for Filevine.
• Provided annual Internal audit and risk assessment functions.
• Facilitate and lead annual penetration testing and auditing efforts.
• Develop a familiarity with new auditing and risk assessment tools and techniques.

Qualifications:

• Bachelor’s Degree or equivalent in Computer Science, Computer Engineering, Information Technology, or related field
• 4+ years of experience in IT Audit and direct experience related to risk assessment methodologies.
• Proven work experience as IT Audit & Risk Assessor with a passion for details and security.
• Familiarity with auditing and assessing the OWASP Top 10.
• Experience with managing risks, fraud, and security threats.
• Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures, Web Databases) and of network/web related protocols.
• Experience assessing, testing, or auditing technical IT and security controls.
• Working knowledge of and demonstrated experience with SOC II Type I & II, HIPAA Security Rule, FedRAMP Moderate, CJIS, GDPR, CCPA/CPRA and other compliance frameworks.
• Demonstrated knowledge of assessing development methodologies (Agile, Waterfall).
• Ability to work in a fast-paced environment.
• Must exhibit excellence in partnering, teamwork, and quality performance.
• Able to effectively give, receive, and respond to feedback.
• Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management.
• Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs.

Preferred Qualifications:

• Significant experience with auditing frameworks, formal audits, and risk assessment experience.
• Significant experience with automated auditing and compliance tools.
• GRC tool Certification or equivalent experience.
• CISSP Certification or equivalent experience.
• CISM Certification or equivalent experience.
• CISA Certification or equivalent experience.
• CIPP/US Certification or equivalent experience.
• CRISC Certification or equivalent experience.