The IT Auditor prepares and executes the internal process necessary to achieve one or more of the following compliances with an accredited audit firm: SOC 2, PCI, ISO 27001, or FedRAMP, within a product brand. The Security Auditor scopes the proper policy, controls, and processes to a specific product examination(s), working directly with Legal, HR, Procurement, IT, SecOps, DevOps, and CloudOps departments.

WHAT YOU’LL DO

• Responsible for the internal preparation and execution for one or more compliance audit engagements, within a product brand
• Participates in interviews and walkthroughs with multiple stakeholders to communicate processes and gather evidence to for audit firm test objectives 
• Schedule, organize, and monitor audit evidence and activity through a GRC tool
• Advise on technology, security standards, and processes to bridge the gap between practice and expected control performance 
• Review or edit reports for service systems, and control descriptions, management assertions, operation overviews, subservice organization, and user entity controls
• Other duties as assigned

QUALIFICATIONS

• Bachelor’s degree in Computer Science, Security Management, Cybersecurity, or comparable work experience 
• Minimum 2 years direct experience with internal/firm IT audit, or consulting
• Advanced knowledge of security frameworks SOC 2, PCI, ISO, CMMC, or FedRAMP 
• Excellent analytic, communication, collaboration, and documentation skills
• Ability to articulate compliance concepts with peers and to a technical audience
• Proficient with Microsoft 365 business applications, and GRC tools 
• Desirable Certifications: CIA, CISA, CISM, CISSP, CRISC, GIAC

ID: 2975