Senior IT Security Auditor
Are you passionate about security in the cloud? Are you looking for a place to put your skills in vulnerability management and penetration testing to use on the latest cloud-based technologies? If so, Clarabridge is the place for you. We are seeking a Senior IT Security Auditor to join a highly successful team within a fast-paced growth company.
Our security mission: Clarabridge strives for customer confidence and trust by delivering software that provides security and privacy for data protection throughout the customer lifecycle backed by globally recognized standards, compliance, and regulatory drivers.
We are looking for a Senior IT Security Auditor who is a multi-faceted person with a passion for global audit, compliance, and privacy activities, ensuring administrative, physical and technical safeguards for data protection, including access control, intrusion detection, virus protection, incident response, security engineering, architecture, cyber, and many other regulatory considerations. You must possess an excitement for ensuring an organization's processes map to policy, regulatory, and industry best practices for data protection and privacy while showing value to others about this important but often feared organizational imperative.
You will perform internal audits and oversee or assist with handling inquiries from external auditors and assessments, as well as analyzing customer security requirements, ensuring the security program adequately supports requirements through technology, procedures, and processes. Additional duties include contract review and contributing to the development and implementation of security policies and procedures that address regulatory, compliance, and privacy. Further, you will assist with identifying current and emerging compliance and privacy requisites and possess experience with developing and evaluating controls for a variety of regulations and assessments, such as ISO 27000 series, HIPAA/HITRUST, SOC, FedRAMP, and PCI and have familiarity with international data protection (EU/Swiss-U.S. Privacy Shield frameworks, GDPR, etc.).
About the role:
The Senior IT Security Auditor reports to the Senior Director, Information Security and has the following responsibilities:
- Developing and executing audits to find gaps in software, configurations, policies, procedures, and processes.
- Cataloging results and communicating findings, including recommendations, to key stakeholders.
- Applying expertise and contributing to multiple complex activities in support of audits, penetration testing, security operations, applications, platforms, operating systems, corporate policies, and procedures and compliance.
- Developing metrics and reporting key risk indicators.
- Designing and performing IT and infrastructure audits related to information security policy, regulations, governance, and other security-related provisions and best practices.
- Managing and coordinating audit-related activities with internal stakeholders and external auditors and validating contractual obligations to ensure compliance.
- Actively tracking and communicating constraints, conflicts, or gaps to existing processes, as well as tracking global cross-functional team remediation.
- Monitoring and tracking best practices and emerging compliance changes/impacts for continuous improvement opportunities.
This position requires or prefers the following competencies:
- Master’s degree with at least three years or a bachelor's degree with at least five years of relevant technical or business experience and project management experience preferred.
- Experience working with a SaaS vendor a must.
- Big 4 auditing firm or consulting experience a plus.
- Hands-on experience conducting internal audits, penetration testing, code review, and engaging with internal and external customers is strong may be considered if the experience is commensurate to SaaS vendor.
- Experience with ISO, HITRUST, PCI, NIST, and SOC a must.
- Experience with GRC applications desired.
- Hands-on experience mapping various audit standards (NIST, COBIT, CSA, Federal, etc.) and hands-on auditing of data center (IaaS and SaaS) operations are required.
- Experience with EU-U.S. and Swiss-U.S. Privacy Shield frameworks and other international data protection regulations (e.g., GDPR) strongly desired.
- Professional certifications: CISA is required, and CISSP, CISM, CCSP or other security/audit-related and PMP certifications are desired.
- Must have familiarity with industry accepted practices regarding systems, networks, and a variety of security concepts, practices, and procedures.
- Excellent analytical, strong communications, and soft and hard skills, with the ability to speak to a variety of audiences about complex security and business matters.
- Experience with contracts is desired.
- Have a strong passion for audit and be able to perform and prioritize a variety of tasks, be self-directed.