IT Auditor
1 month ago
Santa Clara, United States
Certified Employment Group
Full time
Title: Product Security Compliance Assessor (IT Auditor)
Pay Rate Range: $48 - $54
Remote Position: Yes (US person)
Duration: 5 months with possibility of extension
Start Date: ASAP
Job Description:
- Help to interpret the relevant, applicable government regulations.
- Work with different teams including Legal, Cybersecurity, Finance, IT Operations, R&D, Products, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice.
- Work with stakeholders to build a plan of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner.
- Identify, document, and report control deficiencies and associated recommendations for improvements.
- Develop and communicate reports to describe regulatory risks and associated remediation actions.
- Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.
- Support the alignment of the policies and standards to both regulations and best practices.
- Review and challenge to support compliance with policies, standards, and regulations.
- Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results.
- Project manage, design, and implement compliance solutions to stabilize and operationalize responsible program(s).
Requirements:
- Bachelor’s degree in computer science, Information Security, or a related field.
- Strong communicator to present to all levels.
- Experience in interpreting regulatory requirements and policies.
- Experience in conducting compliance and gap assessments and designing metrics.
- IT audit experience required.
- Knowledge of NIST 800-218/Secure Software Development Framework, EU NIS 2 Directives, and Cybersecurity Resilient Act. Understand what the regulation is.
- Experience in applying security best practices within an SDLC framework.
- Familiarity with various SDLC methodologies (e.g., Agile, Waterfall).
- Experience with security automation tools for SDLC.
- Ability to prioritize tasks, manage deadlines, and work independently.
- Ability to independently run in a fast-paced environment and proactively identify and bridge knowledge gaps.
- Candidates with 5+ years of relevant experience preferred with the above requirements.
- CIA/CISA/CRISC, or CISM preferred.
- Big 4 (KPMG, PwC, Deloitte or EY) IT audit experience, or experience from a reputable public accounting firm such as BDO, Grant Thornton or Crowe.