Risk & Compliance Auditor

J. J. Keller & Associates, Inc.
Neenah, WI
Hybrid

About The Position

J. J. Keller is seeking a Risk & Compliance Auditor to help strengthen and maintain our internal control environment and compliance posture. In this role, you will support audits across multiple frameworks, including information security safeguards, ensure adherence to policies and procedures, and partner with stakeholders to drive continuous improvement. To maintain audit independence, this role operates separately from other business units, ensuring objective oversight and governance across the organization.

Requirements

  • Bachelor's degree in Business or related field required.
  • Minimum of 3 years of related auditing experience required, including exposure to information security controls.
  • Experience addressing security and compliance terms in commercial contracts.
  • Experience with ISO 27001 and privacy frameworks, and auditing to those frameworks.
  • Experience completing security questionnaires and evaluating vendors.
  • Experience with Governance, Risk and Compliance tools.
  • Strong interpersonal, written, and verbal communication and presentation skills.
  • Strong analytical, problem-solving, and conflict management skills.
  • A curious and practical mindset that can balance compliance with ethical and business needs.
  • Ability to work cross-functionally, with many teams, including sales, infrastructure, security, and product teams.
  • Ability to influence and lead business partners and supporting teams.

Responsibilities

  • Coordinates and conducts internal and external audits for SOC 2 Type II, ISO 27001, PCI-DSS, Professional Background Screening Association standards (FCRA) and other standards.
  • Evaluates audit results, recommends improvements, and issues deficiency notices as needed.
  • Evaluates, monitors and consults on resulting corrective action plans and remediation efforts.
  • Coordinates and manages the completion of penetration tests with external consultants and internal resources, and the development, implementation, and monitoring of related corrective action plans, and distribution of resulting reports to interested parties.
  • Reviews policies, guidance and training for information security, and provides consulting services promoting overall achievement of corporate security objectives and compliance with regulatory and customer requirements.
  • Maintains security incident response plans and metrics.
  • Leads evaluation of security incident reports, and execution of incident response efforts, including task management, resource coordination, after action reviews, and incident documentation.
  • Participates in business continuity efforts by assisting with annual security incident tabletop exercises and generating a post-exercise review.
  • Manages the Optro Governance, Risk & Compliance software platform, including creating audits, deploying audit questions, entering corrective actions, generating reports and monitoring completion status.
  • Triages security policy exceptions.
  • Evaluates and consults on the business risks and proposed compensating controls.
  • Follows up on approved exceptions that are expiring.

Benefits

  • 70+ years of stability and growth as a family-owned business
  • Certified Great Place to Work® (8-time recipient)
  • Named a Top 100 Most Loved Workplace®
  • Recognized as a Top Company for Women to Work for in Transportation (2024)
  • Collaborative culture
  • Meaningful work
  • Opportunities to make a real impact
  • Professional Referral Program