Senior Information Security Auditor

About the position

We are seeking a detail-oriented and experienced Information Security Auditor to join our growing IT security and compliance team. The ideal candidate will support the organization in ensuring adherence to regulatory standards, maintaining compliance frameworks, lead audits and assessments related to PCI DSS and other IT security policies. This role involves collaborating with multiple departments to enhance security and compliance measures effectively.

Responsibilities

• Lead and manage internal and external audit engagements, serving as the primary point of contact for auditors and ensuring timely and accurate completion of audit requests.
• Ensure the organization's compliance with PCI DSS and SOC 2 standards by implementing controls, conducting assessments, and managing remediation plans.
• Assist in the creation, review, and updating of IT security and compliance policies to align with regulatory requirements.
• Identify compliance risks, conduct risk assessments, and recommend corrective actions to minimize security vulnerabilities.
• Prepare and maintain audit documentation, facilitate internal and external audits, and coordinate responses to compliance inquiries.
• Conduct training sessions and awareness programs to educate employees on compliance requirements and best practices.
• Assess third-party vendors for compliance with PCI DSS and other relevant security standards.
• Stay updated on regulatory changes and emerging compliance trends to ensure the organization remains compliant with evolving requirements.
• Work closely with IT, Security, Legal, and Business units to integrate compliance measures into daily operations.

Requirements

• Internal Security Assessor (ISA), Qualified Security Assessor (QSA), PCI Professional (PCIP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or other relevant certifications.
• Bachelor's degree in Information Technology, Cybersecurity, Business, or a related field or equivalent years of experience.
• 5+ years of experience in IT compliance, IT security, or a related field.
• Hands-on experience with PCI DSS compliance.
• Familiarity with other compliance frameworks such as ISO 27001, SOC 2, HIPAA, GDPR is a plus.
• Understanding of IT security controls and best practices.
• Experience with compliance assessment tools and audit methodologies.
• Knowledge of network security, encryption, and data protection practices.
• Strong analytical and problem-solving abilities.
• Excellent communication and interpersonal skills.
• Ability to work independently and manage multiple projects simultaneously.
• Detail-oriented with a strong commitment to accuracy and compliance.

Benefits

• Considerable employer contributions for health, dental, and vision programs
• Generous PTO, paid holidays, and paid parental leave
• 401(k) matching program
• Merit advancement opportunities
• Career development & training
• Team spirit and culture fostering community, connection, and belonging