
SANS ISC: InfoSec Jobs

Senior Security Auditor
Company: Interos
Location: Arlington, VA or Remote
Preferred GIAC Certifications: GSNA, GCCC, GSTRT
Travel: 5%
Salary: Not provided
Contact Name: Bryan Scarbrough
Contact Email: bscarbrough/at/
Expires: 2021-11-16

Job Description

The Senior Security Auditor's focus is to plan, assess, document, and report on security control compliance and effectiveness in annual and continuous monitoring capacities. The Senior Security Auditor is responsible for examining and analyzing information systems operations, identifying opportunities for improvement, and assessing risks. The Senior Security Auditor participates in audit planning and execution meetings, evaluates policies and procedures to ensure appropriate internal controls surrounding information systems are maintained, and works with management to develop strategies and provide recommendations on strengthening controls, mitigating risk, and implementing corrective actions. This role is responsible for documenting and reporting audit findings to management. We are looking for a career-level professional within the field who is considered highly skilled and proficient in their discipline.

Essential Functions/duties:
- Execute test procedures of critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management.
- Perform risk assessments of business activities and perform relevant testing based on the risks and processes associated with the area being audited. Assist in communicating issues, risks and recommendations to all levels of management.
- Operate independently and ensure work is completed to schedule and meets our high-quality standards.
- Prepare clear, organized and complete documentation to support work performed.
- Develop and maintain strong and effective working relationships with key business partners and the extended Audit group.
- Leverage available data and analytical tools during the planning and fieldwork phases of audit delivery.
- Proactively follow up on agreed audit actions to ensure management delivers their commitments within the agreed timescales.
- Proactively seek out learning opportunities to enhance skills and competencies related to role.
- Pursue annual re-certifications of FedRAMP, SOC2, ISO 27001, and others.
- Other duties as assigned.

Minimum Qualifications:
- Relevant Bachelor’s degree and 6+ years of relevant experience required.
- Type of Credentials/Licenses: GSNA, GCCC, GSTRT, CISSP, CISA, CISM, CAP, CIA, and/or CEH preferred.
- Exposure to relevant industry frameworks (e.g. NIST cyber security framework, NIST 800 series, FedRAMP, CIS benchmarks, etc.)
- Experienced in Red/Blue/Purple Team exercises
- General IT knowledge in one or more of the following areas is required:
  - Cloud environments
  - Networking
  - Operating Systems (Windows, macOS, *UNIX)
  - Databases
  - Application development
  - Project management

Preferred Qualifications:
- Prior working experience with Cloud security preferred

Core Competencies:
- Strong analytical and time management skills.
- Self-starter and quick learner.
- Conducts complex, important work under minimal supervision and with wide latitude for independent judgment.