Cyber Security Auditor
Responsibilities:
- We're looking for a Security Audit Compliance/Cyber Security Auditor to join our Engineering Team. The team builds products for 10M+ users and internal teams. Our team consists of generalist engineers who work on building modern websites (SPA & Isomorphic), mobile apps for Android & iOS, REST APIs and servers, internal tools, and infrastructure for all our users.
- Updates job knowledge by participating in educational opportunities like reading professional publications, maintaining personal networks, and participating in professional organizations.
- Meets work standards by following production, productivity, quality, and customer-service standards; resolving operational problems; and identifying work process improvements.
- Ensures compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; and recommending opportunities to strengthen the internal control structure.
- Provides business-specific interpretations and supports automation opportunities while working with DevOps teams.
- Establishes credibility and maintains good working relationships with groups involved with payment security and compliance matters (InfoSec, Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
- Collaborates with Compliance Specialists and business/service teams to understand and validate assessment scope.
- Reviews security controls that are technical in nature, such as access controls, data encryption in transit and at rest, and auditing and logging user activity.
- Responsible for building and influencing security as a core competency throughout our relationships with internal teams/partners/vendors; this includes providing education and training to the organization.
- Delivers recommendations and risk interpretations in a clear, concise and audience-specific format.
- Engages with the Business and SMEs to ensure compliance with information security policies.
- Supports ad-hoc data analysis requests.
- Analyzes historical data to identify trends and insights.
- Leads the creation, implementation, monitoring, and maintenance of security policies and standards.
Some specific Requirements:
- Professional auditing qualification like ISO Lead Auditor with 3+ years in third-party contractor underwriting or supplier vetting.
- Strong communication and multitasking skills.
- A keen eye for detail.
- 4+ years of relevant industry experience including information assurance, data privacy and compliance in healthcare domains.
- 3+ years of information security governance, audit, risk management or related client service or consulting experience.
- Skilled in risk management, business risk analysis and making complex business/risk trade-off recommendations and decisions.
- Technical knowledge and familiarity with information security standards.
- Related security control and compliance experience in various frameworks including: HIPAA, HITRUST, PCI DSS, GLBA, ISO, NIST, etc.
- CISSP, CISA, CISM, CIPP, CEH and/or other comparable security controls or audit certifications preferred.
- Experience with service-oriented architectures and web services security.