GDH has partnered with an enterprise organization in need of a Cyber Security Auditor Lead. The Cyber Security Auditor Lead works independently and within teams to process all work related to developing, planning, and executing internal cyber security audits. The Security Auditor Lead will use these audits to determine the adequacy, efficiency, and effectiveness of the internal security measures of IT Department and all technology systems. The Security Auditor monitors the compliance and regulatory landscape, prepares compliance evidence and reviews, creates process documentation, and otherwise contributes to the development and maintenance of a sound information security program. The Auditor must drive progress, using influence to ensure that security controls are enforced. The Auditor acts as the subject matter expert for all PCI compliance issues and facilitates preparation of annual Report on Compliance. They will also contribute to the yearly HIPAA and Data Privacy audits as well. The Auditor contributes to the completion of financial audits by gathering and producing evidence and exhibits relating to IT controls.
· Plan and execute audits focusing on information security, developing necessary tools, techniques, and programs to facilitate repeatable processes.
· Develop audit findings including recommendations for improvements in policies, procedures, and methods.
· Act as the primary IT interface with Internal auditors, financial auditors, PCI auditors, HIPAA auditors, Privacy auditors and any other external auditors as required. Provide any requested information and arrange meetings with personnel. Provide responses and compensating controls to audit comments.
· For the above, ensure that security procedures are being followed, enforce best practices, ensure corrective action is taken, when necessary, recommend changes to procedures, and initiate projects to correct problems.
· Conduct periodic audits to ensure that user provisioning and decommissioning process are working as expected and in a timely manner.
· Keep informed of changes in equipment, infrastructure, or technology that require changes to existing audit and compliance procedures.
· Recommend changes in policies and procedures to Sr. GRC Lead or Director of Cyber Security then implement changes according to prescribed approval process.
· Ensure that corrective action is taken whenever audits reveal deviations from applicable policies, procedures, or standards violations.
· Ensure compliance with relevant industry and governmental standards, including but not limited to the Payment Card Industry Data Security Standard and HIPAA Standards (as it relates to IT practices).
· Keep apprised of changes to standards and inform leadership of material changes requiring mitigation.
· Facilitate the completion of annual PCI, HIPAA, Data Privacy audits then submit result to relevant internal and external parties.
· Participate in the creation and upkeep of information security processes and documentation.
· Participate in the general functions related to IT governance, risk, and compliance, including participation in the IT risk assessment process.
· Provide security support to IT Department and the company at large.
· Troubleshoot and resolve security issues and problems for systems.
· Resolve problems and communicate solution to customers.
· Participate in design and implementation of end-user security strategy for new systems.
· Attend project meetings that require regulatory, compliance, or IT risk presence, meet with business owners as needed.
· Participate in the evaluation and installation of third-party security tools.
· Attend training, professional group meetings, seminars, and read publications to remain current on trends, products, tools, and vendors, and how they apply.
Associates degree, preferably in MIS or Computer Science or equivalent work experience.
6 years of experience in technical areas of IT. Three or more years of experience with Security and/or standards administration. Experience with IT auditing methods and procedures. Experience with the PCI-DSS standard (preferably in retail), IT related HIPAA, and Data Privacy compliance.
Strong understanding of IT cybersecurity controls, risk/compliance frameworks such as ISO, COBIT and NIST, and compliance standards such as HIPAA, PCI DSS, and awareness of Privacy compliance such as GDPR/CCPA. Knowledge of data analysis tools for auditing purposes. Strong written and verbal communication skills with a keen attention to detail. Strong business process skills across the IT organization with project management skills.
Knowledge of Active Directory and Microsoft servers. Knowledge of AS/400 systems, web filtering software, and endpoint security software.