Position Summary:This is an exciting role that will support a variety of audit, compliance and security initiatives! The individual will own the complete life cycle of internal audits, client-requested audits, and compliance reviews. The Information Security Auditor must have the ability to drive key relationships and collaborate with internal and external stakeholders to identify and manage operational and security risks. This position will also be a key interface with external auditors. This role will have direct influence over ongoing transformation of Netcracker's security posture.Role and Responsibilities:
Continually monitor the Netcracker IT control environment and identify key risks, related controls and gaps
Understand and drive adherence to corporate security policies and procedures
Maintain the RCM and track findings
Bridge cross-functional conversations to address control enhancement and finding remediation
Manage internal audits, external audits, and compliance reviews (e.g., SSAE 18, PCI-DSS, ISO)
Stay abreast of regulation and compliance changes and create awareness for control owners
Draft management attestations and representation letters
Conduct periodic risk assessments (e.g., vendor, insider threat, SANS Top 20)
Act as a liaison between internal and external stakeholders on IT controls and compliance areas
Assist with privacy compliance projects (e.g., GDPR, Data Privacy Framework)
Participate in various risk management initiatives and projects, as assignedRequired Experience:
2-4 years' experience in Big 4 IT Audit experience preferred
3-5 years' in Information Security, IT audit and/or IT Risk Management experience a plus
CISM, CISSP, CIA or CISA a plus
Working knowledge and understanding of COSO, COBIT, IIA International Professional Practices Framework (IPPF), SSAE 18, PCI-DSS, ISO 27001/27018/22301, NIST 800 standards and frameworks
Knowledge of relevant applications and technical platforms a plus: Windows Active Directory, Linux, Oracle, JIRA, Cisco and Fortigate Firewalls, SIEM tools, Nessus reports, Cloud architecture
Excellent project management skills with the ability to meet tight deadlines
Strong verbal and written communication skills
Highly developed interpersonal skills, with emphasis on collaboration, influencing and building strong long-term relationships
Proactively seeks guidance but can also work independently
Familiarity of GRC platforms
Education:
Bachelor degree in Information Systems Auditing, Computer Science, or related field