Senior Analyst, IT Corporate Audit - Cybersecurity

About The Position

Requirements

• 3+ years of experience in information security, risk, or compliance, with a focus on cybersecurity controls.
• At least one relevant cybersecurity certification (e.g., CISSP, CISM, or equivalent)
• Bachelor’s degree in Information Technology, Cybersecurity, or a related field preferred or equivalent experience (High School Diploma + 4 years of relevant experience).

Nice To Haves

• Experience in a large, complex environment (e.g., healthcare, insurance, or retail).
• Demonstrated ability to independently execute moderately complex audit or control testing areas.
• Working knowledge of regulatory and industry frameworks (e.g., HIPAA, ISO, PCI DSS, NY DFS, NAIC, SOX, HITRUST).
• Familiarity with cybersecurity domains such as cloud security, vulnerability management, ransomware, and security testing tools.
• Proven ability to collaborate across teams and build strong stakeholder relationships.
• Strong analytical, problem-solving, and critical thinking skills.
• Effective written and verbal communication skills.

Responsibilities

• Independently execute cybersecurity audit testing, including performing detailed test procedures, evaluating control design and operating effectiveness, and documenting results in accordance with audit standards and methodology.
• Own assigned audit areas end-to-end, including walkthroughs, evidence collection, validation, and workpaper documentation, ensuring accuracy, completeness, and audit defensibility.
• Perform testing procedures to assess key cybersecurity domains, including cloud security (Azure & GCP), network security, data protection, application security, and third-party/vendor risk management.
• Identify control gaps, document exceptions, and contribute to the development of audit findings and recommendations.
• Apply risk-based thinking when evaluating issues, including consideration of mitigating and compensating controls.
• Collaborate with Audit Managers and team members to support audit execution, validate control effectiveness, and ensure timely completion of deliverables.
• Partner with IT, compliance, and business stakeholders to understand processes, obtain evidence, and validate remediation activities.
• Build and maintain effective working relationships across technology teams.
• Leverage data analytics and emerging technologies (e.g., AI tools) to enhance audit testing procedures, coverage, and efficiency.
• Contribute to continuous improvement of audit methodologies, tools, and testing approaches.
• Develop clear, concise, and well-supported workpapers and documentation.
• Effectively communicate audit results, issues, and risks to audit team members and management.
• Stay current on cybersecurity risks, trends, tools, and techniques and apply insights to audit testing and risk identification.
• Support knowledge sharing and training efforts within Internal Audit to enhance cybersecurity awareness and capabilities.

Benefits

• medical
• dental
• vision coverage
• paid time off
• retirement savings options
• wellness programs