Job Description- Auditor
As an IT Auditor – External Audit, you will organize and facilitate information system audits and security special reviews for third party audits of multiple SaaS, PaaS, and IaaS services within the Oracle Cloud Infrastructure.
- Develop detailed audit execution plan
- Work with multiple teams and personnel to gather audit evidence within specified timelines
- Report on audit status and corresponding problems to management
- Plan and execute service gap assessments reviews as assigned
- Identify, interpret, and evaluate Information Security risks and translate those into Business Risks
- Advise technical team members on methodologies to be compliant with a given set of controls
- Present findings to audited technical teams and negotiate suggested action plans
- Maintain solid fundamental understanding of Oracle Cloud services at a technical resource
- Foster a positive work environment by soliciting feedback from colleagues and developing the skills of staff auditors
- Provide feedback and support to update and maintain audit processes
- Promote a risk-conscientious environment; ensure efficient and effective risk and compliance management practices by adhering to required standards and practices
- Project manage and act as liaison with external auditors
- Assign and oversee the collection of audit evidence
- Other duties as assigned
- Bachelor’s Degree in Business Administration, Computer Science, Information Systems Administration or an alternative technology related field.
- 3-5 years of Information Security, Internal Audit, or relevant IT audit or compliance experience.
- Knowledge of at least one of the following compliance frameworks: SSAE 18 (SOC 1, SOC 2, SOC 3), ISAE3402/3000, ISO27001/ISO27002, PCI-DSS, CSA STAR or HIPAA.
- Knowledge of Cloud delivery models
- Good understanding and knowledge of business risks related to IT system general controls, systems / applications development, change management, logical access security, security technologies, local area network and wide area network concepts, contingency and recovery.
- Working knowledge of technology infrastructure (UNIX and Windows environments, Routers Firewalls, Networking protocols, Cloud Services, Encryption, and/or Data Loss Prevention products).
- Can communicate well with virtual teams
- Excellent analytic, oral and written communication skills
- Open travel requirements (25%) with occasional travel overseas
- Prior experience with Cloud delivered services
- CISA, CISSP, CISM, or other relevant certification preferred
- PCI Experience a Plus
- Previous experience in compliance consulting a plus
- Experience in Financial Services or Public Accounting a plus
- Experience with Sarbanes-Oxley a plus
Detailed Description and Job Requirements
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.
Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company*s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.
Job duties are varied and complex; independent judgment needed. May have project lead role. Prefer 5 years relevant experience and BA/BS degree.