Principal IT Security Auditor

Clarabridge   •  

Reston, VA

Industry: Software

  •  

8 - 10 years

Posted 409 days ago

Are you passionate about security in the cloud? Are you looking for a place to put your skills in vulnerability management, penetration testing to use on the latest cloud based technologies? If so, Clarabridge may be the place for you!  Below is a snapshot of our Principal IT SecurityAuditor role within our Security team. If this role takes your fancy and you are in interested in a career at Clarabridge pleaseapply here and let's chat - we are always keen to speak to highly talented and passionate people! 

 

The auditor shall perform internal audits and oversee or assist with handling inquiries from external auditors and assessment, as well as analyzing customer security requirements, ensuring security program adequately supports requirements through technology, procedures, and processes.  Additional duties include contract review and contributing to the development and implementation of security policies and procedures that address regulatory, compliance, and privacy.  Further, the incumbent shall assist with identifying current and emerging compliance and privacy requisites, and possess experience with developing and evaluating controls for a variety of regulations and assessments, such as ISO 27000 series, HIPAA/HITRUST, SOC, FISMA, FedRAMP, and PCI and have familiarity with international data protection (EU-U.S. Privacy Shield, GDPR, etc.).

 

What you'll do:

The Principal IT SecurityAuditor reports to the Senior Director, Information Security and has the following responsibilities:

  • Developing and executing audits to find gaps in software, configurations, policies, procedures, and processes.
  • Cataloging results and communicating findings, including recommendations, to key stakeholders.
  • Applying expertise and contributing to multiple complex activities in support of audits, penetration testing, security operations, applications, platforms, operating systems, corporate policies, and procedures and compliance.
  • Developing metrics and reporting key risk indicators.
  • Designing and performing IT and infrastructureaudits related to information security policy, regulations, governance, and othersecurity-related provisions and best practices.
  • Managing and coordinating audit-related activities with internal stakeholders and external auditors, and validatingcontractual obligations to ensure compliance.
  • Actively track and communicate constraints, conflicts, or gaps to existing processes, as well as tracking global cross-functional team remediation.
  • Monitoring and tracking best practices and emerging compliance changes/impacts for continuous improvement opportunities.

 

About you:

This position requires or prefers the following competencies for this position:

  • Master’s degree with at least three years or a bachelor's degree with at least seven years of relevant technical or business experience and project management experiencepreferred.
  • Experience working with a SaaS vendor a must. Big 4 auditing firm and/or Federal Government, conducting internal audits, penetration testing, code review, and engaging with internal and external customers is strongly may be considered if the experience is commensurate to SaaS vendor.
  • Experience with NIST, ISO, HITRUST, SOC and PCI a must.
  • Hands-on experience mapping various audit standards (NIST, COBIT, CSA, Federal, etc.) and hands-on auditing of data center (IaaS and SaaS) operations is required.
  • Experience with EU-U.S. Privacy Shield and otherinternational data protection regulations (e.g., GDPR) strongly desired.
  • Professional certifications CISA is required, and CISSP, CISM, CCSP or othersecurity/audit-related and PMP certifications are desired.
  • Must have familiarity with industry acceptable practices regarding systems, networks, and a variety of the security concepts, practices, and procedures.
  • Excellent analytical, strong communications, and soft and hard skills, with the ability to speak to a variety of audiences about complex security and business matters.
  • Penetration testing and code review experience is also desirable.
  • Experience with contracts is required.
  • Able to perform and prioritize a variety of tasks and be self-directed.