The primary purpose of this position is to support the enterprise information security program by preparing and conducting audits of the information systems environment and associated business processes in the pursuit of maintaining and/or exceeding compliance requirements.

80% Performs day-to-day information security audit functions
- Ensures network security best practices are implemented through auditing: router, switch, firewall configurations, change control, logical access controls, separation of duties, monitoring, and incident response.
- Review, document, evaluate, and test manual and automated computer controls throughout the corporate IT environment, including server, application, middleware, and client-side components.
- Digest vulnerability testing output, prioritize remediation, and lead remediation efforts with relevant parties.
- Develop and implement testing methodologies for application development, IT infrastructure, security, and availability.
- Conduct network architecture and application security reviews.
- Interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports as necessary.
- Maintain up-to-date baselines for the secure configuration of software and hardware.
- Design and perform reengineering of processes and procedures in need of remediation.
- Conduct gap analysis via testing and recommend specific actions to fix gaps in processes and/or process management.
- Ensure regulatory compliance pertaining to security mandates/guidelines per HIPAA, PCI-DSS, and other related mandates.

15% Assists manager and/or information security officer as needed
- Assists with development and presentation of information security awareness training.
- Participates in meetings with vendors for the purposes of audits and/or due diligence.
- Creates and maintains security documentation as needed.
- Assists with ongoing business continuity and disaster recovery planning.

- Bachelor’s degree in IT related field or relevant work experience.
- 3+ years of experience in the IT audit field.
- CISSP and/or CISA required.
- Experience with information technology auditing techniques.
- Demonstrated understanding of information security principles, concepts, practices, and standards including, but not limited to, firewalls, intrusion prevention and detection, network devices, TCP/IP and related internet protocols.
- Must be detail oriented.
- Knowledge of regulatory frameworks preferred: HIPAA, PCI-DSS, ISO 27001, NIST, etc.
- Able to perform multifaceted projects in conjunction with day-to-day activities.
- Must possess excellent written and verbal communication skills.
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
- Ability to effectively organize, prioritize, multi-task and manage time.
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
- Demonstrated accuracy and productivity in a changing environment with constant interruptions.
- Demonstrated ability to analyze information, problems, issues, situations and procedures to develop effective solutions.
- Ability to exercise strict confidentiality in all matters.