Security Engineer I - IT Auditor (Remote)
About The Position
The Security Engineer I – IT Auditor will report to the Audits and Assessments Security Engineering Manager in the Technology Department. This role is responsible for assessing the design and testing operating effectiveness of general computer controls and application controls and will also be responsible for conducting third-party (vendor) risk assessments for vendors and other external partners. Work collaboratively with control operators. Assess the risk posed by potential findings and present the findings to the 3rd Party Auditors and senior management. The IT Auditor will also need to stay aware of emerging technologies and risks.
Requirements
- 1-3 years of applicable experience in internal or external IT auditing, or security compliance and/or relevant experience in information technology.
- Bachelor’s Degree in Information Technology, Cybersecurity or related field with focus on information systems preferred
- Experience with a leading internal/external IT audit professional firm
- Possess a combination of technology, security, and analytics skills
- Intellectual curiosity to find new and unusual ways of how to solve cyber security issues
- Ability to approach cyber security challenges while keeping an eye on what is important
- Experience interpreting, analyzing, and maintaining systems
- Ability to creating and maintaining respectful, strong working relationships with both IT and business units to integrate security principles with business operations
- Strong client service orientation
- Ability to prioritize, plan and take initiative and be highly self-motivated
- Strong verbal and written communication skills; positive attitude; ability to work as team member
Nice To Haves
- Technical Certifications a plus
- Knowledge of the Financial Services Industry preferred
- Experience in a high availability environment preferred
Responsibilities
- Perform third-party (vendor) risk assessments, including reviewing security and compliance documentation, identifying control gaps, tracking remediation items, and communicating results to stakeholders.
- Assist in planning audits, executing audit work, and preparing audit reports.
- Developing a keen understanding of IT risks and control activities for information systems, technical infrastructure, data centers, computer operations, and key applications.
- Performing general and application control reviews for simple to complex computer information systems, like Linux, Windows, and databases such as SQL Server, Oracle, and cloud platforms such as Azure.
- Providing recommendations to improve control posture and strengthen IT processes identified through the course of audits and control testing.
- Preparing and presenting written and oral issues/reports and other technical information in a pertinent, concise, and accurate manner for distribution to management.
- Keeping abreast with new technologies and IT control frameworks such as NIST Cyber Security Framework, NIST 800-171 publications, and Cloud Security Frameworks.
- Other duties as assigned.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Entry Level
