|Location|Arlington, VA or Remote|
|Preferred GIAC Certifications|GSNA, GCCC, GSTRT|
|Contact Name|Bryan Scarbrough|
The Senior Security Auditor's focus is to plan, assess, document, and report on security control compliance and effectiveness in annual and continuous monitoring capacities. The Senior Security Auditor is responsible for examining and analyzing information systems operations, identifying opportunities for improvement, and assessing risks. The Senior Security Auditor participates in audit planning and execution meetings, evaluates policies and procedures to ensure appropriate internal controls surrounding information systems are maintained, and works with management to develop strategies and provide recommendations on strengthening controls, mitigating risk, and implementing corrective actions. This role is responsible for documenting and reporting audit findings to management. We are looking for a career-level professional within the field who is considered highly skilled and proficient in their discipline.
- Execute test procedures of critical technology functions, cloud-based infrastructure, cybersecurity, risk management, application, and third-party management.
- Perform risk assessments of business activities and perform relevant testing based on the risks and processes associated with the area being audited. Assist in communicating issues, risks and recommendations to all levels of management.
- Operate independently and ensure work is completed to schedule and meets our high-quality standards.
- Prepare clear, organized and complete documentation to support work performed.
- Develop and maintain strong and effective working relationships with key business partners and the extended Audit group.
- Leverage available data and analytical tools during the planning and fieldwork phases of audit delivery.
- Proactively follow up on agreed audit actions to ensure management delivers on its commitments within the agreed timescales.
- Proactively seek out learning opportunities to enhance skills and competencies related to the role.
- Pursue annual re-certifications of FedRAMP, SOC2, ISO 27001 and others.
- Other duties as assigned.
- Relevant Bachelor’s degree and at least 6 years of relevant experience required.
- Type of Credentials/Licenses: GSNA, GCCC, GSTRT, CISSP, CISA, CISM, CAP, CIA, and/or CEH preferred.
- Exposure to relevant industry frameworks (e.g. NIST cyber security framework, NIST 800 series, FedRAMP, CIS benchmarks, etc.)
- Experienced in Red/Blue/Purple Team exercises
- General IT knowledge in one or more of the following areas is required:
  - Cloud environments
  - Operating Systems (Windows, macOS, *UNIX)
  - Application development
  - Project management
- Prior working experience with Cloud security preferred
- Strong analytical and time management skills.
- Self-starter and quick learner.
- Conducts complex, important work under minimal supervision and with wide latitude for independent judgment