IT Auditor

1 month ago


Santa Clara, United States | Certified Employment Group | Full time
Job Description

Title: Product Security Compliance Assessor (IT Auditor)

Pay Rate Range: $48 - $54

Remote Position: Yes (US person)

Duration: 5 months with possibility of extension

Start Date: ASAP

Job Description:

  • Help to interpret the relevant, applicable government regulations.
  • Work with different teams including Legal, Cybersecurity, Finance, IT Operations, R&D, Products, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice.
  • Work with stakeholders to build a plan of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner.
  • Identify, document, and report control deficiencies and associated recommendations for improvements.
  • Develop and communicate reports to describe regulatory risks and associated remediation actions.
  • Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.
  • Support the alignment of the policies and standards to both regulations and best practices.
  • Review and challenge to support compliance with policies, standards, and regulations.
  • Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results.
  • Project manage, design, and implement compliance solutions to stabilize and operationalize responsible program(s).

Requirements:

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Strong communicator to present to all levels.
  • Experience in interpreting regulatory requirements and policies.
  • Experience in conducting compliance and gap assessments and designing metrics.
  • IT audit experience required.
  • Knowledge of NIST SP 800-218 (Secure Software Development Framework), the EU NIS 2 Directive, and the Cyber Resilience Act. Understand what each regulation is.
  • Experience in applying security best practices within an SDLC framework.
  • Familiarity with various SDLC methodologies (e.g., Agile, Waterfall).
  • Experience with security automation tools for SDLC.
  • Ability to prioritize tasks, manage deadlines, and work independently.
  • Ability to work independently in a fast-paced environment and proactively identify and bridge knowledge gaps.
  • Candidates with 5+ years of relevant experience meeting the above requirements preferred.
  • CIA, CISA, CRISC, or CISM preferred.
  • Big 4 (KPMG, PwC, Deloitte, or EY) IT audit experience, or experience from a reputable public accounting firm such as BDO, Grant Thornton, or Crowe.