Position: Information Security Audit and Compliance Analyst
Location:: Remote
Salary:: $85,000-120,000 DOE
We are a well established and growing SaaS company looking to hire an Information Security Audit and Compliance Analyst to join one of our InfoSec team.
In this position, you will maintain policies, procedures, and standards across IT. You will also perform controls testing across all IT disciplines.
You will be leveraging industry best practices and business needs to help advance the compliance program and support the information security risk management program. In this role, you will be working with stakeholders across IT to address gaps, and work with owners to develop timely solutions to reduce IT security risk across our organization.
This position reports to our Chief Information Security Officer. Our InfoSec team is small but critical to our company so this role is a blend of strategic design and tactical execution of initiatives. The most important skills candidates must possess is experience conducting SOC audits.
This is a full-time, permanent position. This position can be 100% remote. We are also open to offering relo assistance for those who are wanting to work onsite in a hybrid format in the Atlanta area.
**Candidates with completed questionnaires will be reviewed first**
What You Will Be Doing
-Working with business owners and process owners to create or modify policies, procedures, process, and standards
-Reviewing documents for accuracy related to policy, internal controls and audit requirements
-Performing annual business impact assessment
-Reviewing vendor SOC reports for appropriate IT controls, as part of the Vendor Risk Monitoring program
-Collecting and reporting on remediation plans along with charting progress of open risk items to resolution
-Conducting testing of IT Controls for SOC 2, PCI and SOX to identify and evaluate risk exposures and determine the effectiveness of controls
-Reviewing process documentation and assisting control owners to develop a repeatable process, help create flow charts, and procedures to remediate control gaps
-Creating status reports for management on open findings
-Keeping senior management apprised on the status of information security issues and initiatives
What You Need for this Position
Must Haves:
-Bachelors degree from a four-year college or university required
-2-5+ years of experience in SOC 2 controls testing with experience testing operating systems and networks
-Good understanding of IT Processes to develop policies and procedures for change control, software upgrades, release management, etc
-Ability to write detailed IT and security policies
-Knowledge of a wide variety of information security concepts, services, and technologies
-Experience working in a global organization with stakeholders located across the globe
-Ability to problem solve and manage business needs/IT changes in a rapidly changing complex technical environment
-Excellent verbal and written communication skills to technical and non-technical audiences of various levels in the organization
-Proficiency in establishing and maintaining effective working relationships with employees
Nice to Haves:
-PCI, and SOX controls testing experience
-CISSP, CISA, SANS GIAC, or relevant security certification(s) preferred
What's In It for You
-Bonus
-Medical, Dental and Vision Benefits
-Fully Remote Compatible
So, if you are a Remote Information Security Audit Analyst with experience, please apply today!
Colorado employees will receive paid sick leave. For additional information about available benefits, please contact Rachel Reid
For this position you must be currently authorized to work in the United States. We do not sponsor for this position.
Email me to apply for this position