This is a contract to hire position that is hybrid in Miami.****
IT Sr. Auditor who will serve as the liaison between the customer and the software development team via clearly documented process requirements. Work DSARs in ServiceNow system, execute playbook (excel), update system flows based on interviews, document analysis, business process descriptions, workflow analysis and use cases. Requires excellent verbal and written communication skills as well as excel. Will also perform access, SOC and control reviews as needed.
Leads, manages & executes audits of the information technology & cybersecurity control design and effectiveness in accordance with information technology & security, authoritative sources including the Enterprise Security Office corporate standards; Sarbanes Oxley (SOX); Control Objectives for Information and Related Technology (COBIT); National Institute of Standards and Technology (NIST); and/or International Organization of Standards (ISO). Leads & manages audits, projects, activities and remediation plans to mitigate information technology and security risks within LTS. Assesses the information technology control environment and recommends enhancements and improvements to control activities, measures and routines.
Principle Duties and Responsibilities:
- Leads, manages and/or executes internal, information technology audits and rigorous control self-testing programs to ensure controls are designed adequately and working effectively to mitigate information technology and security risks within agreed policies, procedures, standards and risk limits.
- Audits, assesses and ascertains that controls and processes are in place to ensure that information technology risks have been adequately managed and in line with business priorities.
- Defines information technology policy, standards and framework and proactively bridges the gap between control requirements, technical issues and business risks.
- Proactively manages changes in the industry, information technology governance and external risk compliance landscape.
- Ensure information technology risk management practices are embedded in the enterprise and that systems and data criticality and sensitivity are defined.
- Constructs corrective action plans for resolution of control weaknesses and provides expert guidance on how to avoid and prevent similar situations in the future.
- Define and deliver key performance indicators on audit issue and control weakness closure rate. Conduct testing and validation of remediation action plans and enhancements to control routines.
- Engage Enterprise Security Office as appropriate in support of security related control testing and remediation as warranted.
- Demonstrates effective working relationships with key stakeholders
- Incorporates business strategy into decision making process, mentors less experienced associates on strategies
Technical Skills
- Experience in managing and executing audits and assessments of information technology and security control environments.
- Strong awareness and knowledge of the following areas of information technology: cloud computing and security, governance, service management; and security authoritative sources providing control and control measurement best practices.
- Ability to provide expertise and recommended actions toward the design and operation of control measures and routines to ensure compliance with information technology and security standards, polices and applicable regulations.
- Must rely on extensive knowledge, ingenuity and professional experience to effectively manage ambiguity across varying levels of control environment maturity.
- Proactively researches / recommends changes to business processes, information management practices and controls as well as new applications of technology in assigned area
- Knowledgeable in all aspects of system development lifecycle; influences methodology
- Provides support and guidance to colleagues
- Aligns solutions with IT strategy and standards
Education and Experience
- Knowledge and experience auditing Information Technology and Cloud Security controls in accordance Sarbanes Oxley (SOX); Control Objectives for Information and Related Technology (COBIT); National Institute of Standards and Technology (NIST); International Organization of Standards (ISO), and/or other related authoritative sources and standards.
- 10+ years of technical audit and/or related governance experience with working knowledge of information technology governance, information technology quality assurance, and/or information security risk assessment.
- 8+ years audit experience assessing information technology, cloud security and related compliance and control measures.
- Preferred CCSP – Certified Cloud Security Professional, and Microsoft Certified: Microsoft Azure Fundamentals & Solution Architect
- sql scripting skills
- Strong knowledge of California Consumer Privacy Act and Data Subject Access Request Process.
- Knowledge of critical control environments & measures related to security architectures, systems and environments.
- Excellent communication and program management skills.
- Excellent Excel skills.
Additional Skills:
- Experience at working as a leader and collaborator in a team-oriented environment is essential.
- Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.
- Reacts to project adjustments and alterations promptly and efficiently.
- Flexible during times of change.
- Ability to read communication styles of team members and contractors who come from a broad spectrum of disciplines.
- Persuasive, encouraging, and motivating.
- Ability to elicit cooperation from a wide variety of sources, including upper management, clients, and other departments.
- Ability to defuse tension among project team, should it arise.
- Ability to bring project to successful completion through organizational dynamics.
- Strong written and oral communication skills.
- Strong interpersonal and operational skill sets.
- Adept at conducting research into project-related issues and products – strong analytics skills.
- Must be able to learn, understand, and apply new technologies.
- Ability to effectively prioritize and execute tasks in a high-pressure environment is crucial.
- Tenacious, driven, energetic and a high degree of professional integrity.
- Influences others and works with integrity and ethically; upholds organizational values
- Sensitive and responsive to internal and external needs; implements new solutions
- Promotes a supportive and collaborative teamwork environment across diverse groups
- Evaluates interdependencies; thinks critically / systemically when solving problems
- Behaves as a role model for proper behavior related to diversity