Info Systems Audit Associate II
Sempra•San Diego, CA
About The Position
The role primarily focuses on conducting comprehensive internal audits of IT systems with an emphasis on evaluating cybersecurity risks. By collaborating with cross-functional teams, the role will address key vulnerabilities, assess control mechanisms, and contribute to the overall strengthening of IT security frameworks and risk mitigation strategies. The position executes a broad range of testing and analysis for information systems audits. It recommends practical adjustments to test steps, communicate routine issues to stakeholders, and contribute to reporting.
Requirements
- Typically requires a 4-year degree in a relevant field, or equivalent combination of relevant education and experience.
- Typically requires 2 years of related experience.
- Must reside in Southern California or be willing to relocate upon hire.
- IT Audit Methodologies - Proficiency in applying structured approaches and methodologies for conducting IT audits, ensuring thorough evaluation of systems and controls.
- Risk Assessment Techniques - Expertise in identifying and assessing risks associated with information systems, and developing strategies to mitigate these risks.
- Information Security Standards - Understanding of industry standards and frameworks such as ISO 27001, NIST, and COBIT for evaluating and improving information security practices.
- Data Analytics Tools - Proficiency in using data analysis tools to examine large datasets for patterns and anomalies that may indicate fraudulent activity.
- Network Security Assessment - Ability to evaluate and assess network security controls, identifying vulnerabilities and recommending improvements to protect information assets.
- Cybersecurity Fundamentals - Knowledge of cybersecurity principles and practices to assess the effectiveness of security measures and protect against digital threats.
- System and Application Controls - Expertise in evaluating system and application controls to ensure accuracy, reliability, and security of data processing and information flows.
- Regulatory Compliance - Ensuring an organization's adherence to laws, regulations, guidelines and specifications relevant to its business processes.
- Report Writing and Documentation - Skill in preparing detailed reports and documentation of fraud investigations and prevention activities for stakeholders.
- Continuous Monitoring Tools - Proficiency in implementing and utilizing continuous monitoring tools to track system performance and detect potential security breaches in real time.
Responsibilities
- Performs control testing for application, technology, and operations processes and evaluates whether evidence meets defined criteria.
- Proposes refinements to test procedures when populations or tools differ from plan while maintaining methodological compliance.
- Analyzes privileged access, security configuration hardening, logging and other cybersecurity control artifacts to identify exceptions and potential impact.
- Summarizes testing results and drafts preliminary observations that link criteria, condition, cause, and effect.
- Coordinates with technology teams to obtain extracts or configuration exports required for sampling and analysis.
- Participates in entrance and exit meetings, explaining straightforward procedures and conclusions.
- Contributes to follow‑up reviews by confirming remediation activities and gathering validation evidence.
- Performs other duties as assigned.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
