The IT Audit Governance team is responsible for monitoring the effectiveness of cybersecurity, technology, and operational controls, and ensuring regulatory compliance. This position has exposure across the company and exposes team members to a wide set of IT general security controls (i.e., access management, change management, logical security) and remediation activities including developing and coordinating meaningful process improvement strategies.
What You'll Do
? Primary responsibilities include conducting regular reviews on access rights of users and working with management to design and/or revise system user roles to align with user’s roles and responsibilities.
? Facilitate user access reviews for a variety of systems including on-prem servers (Windows & Linux), databases, applications, cloud resources, etc. manually or using automated access review tools.
? Familiarity or willingness to learn IGA tools such as SailPoint IdentityNow, Sonrai Security
? Prepare and scope reviews, while meeting with stakeholders to develop an understanding of the business and technology and identifying the key risks and controls to be assessed
? Participate in meetings with process and control owners to ensure enterprise level access controls are properly created to address any access related risks identified by management.
? Facilitate and track audit remediation activities with stakeholders to completion
? Work with internal auditors and regulatory examiners to collect and prepare requested documents and consulting with stakeholders on remediation efforts.
? Perform special projects related to cybersecurity as assigned by management.
? Assess the effectiveness of controls to mitigate identified risks and offer solutions for process improvements related to audit remediation efforts
? Analyze material risks as they relate to priorities and overall strategy by monitoring internal and external factors and applying key business initiatives
Minimum Qualifications- Education & Prior Job Experience
? Bachelor’s degree in information technology or other related field experience
? Experience in audit roles or a related control function - relevant certification or industry accreditation (e.g., CPA, CFA, CIA) encouraged
? Working knowledge of ITSM/ITAM, regulatory compliance (SOX, PCI DSS, GDPR/PII and HIPAA) and cybersecurity principles
? Strong proficiency in basic PC applications (Excel, Word, PowerPoint) with a general understanding of simple data analysis techniques like VLOOKUP, Pivot Tables etc.
? Excellent critical thinking and problem-solving skills with the ability to learn industry standards (NIST 800-171, NIST 800-871)
? Strong written and oral communication skills, PC skills, team building skills and the ability to work independently