The senior analyst internal audit will be part of a global function, and help lead the organization’s various information security audit, compliance, enterprise risk management, and data protection initiatives. This individual will work within the Internal audit function in the Global compliance and continuity team, whose responsibility it is to collaborate with internal and external stakeholders to ensure controls are in place to meet information privacy, security, regulatory and contractual requirements, and to maintain risks at acceptable levels. The individual should be well-grounded in leading practices in cybersecurity, to assist in sustaining a secure and compliant enterprise.
The primary responsibilities include managing and facilitating Ensono's internal audit program for security and compliance. The security control framework is designed to address the organization's requirements to meet industry standards related to, but not limited to, the following frameworks: PCI DSS, SSAE18 SOC 1 SOC 2, ISO 27001, ISO 27017, ISO 22301, ISO 20000, ISO 9001, GDPR, HIPAA, ITAR and FEDRAMP. In the capacity of senior analyst internal audit, the individual must be able to independently perform audits based on this control framework. As a senior analyst, the candidate must also be able to define new controls based on the organization’s business requirements. Proficiency in auditing techniques like sampling, interviewing, analyzing configurations, etc. is highly desired.
The individual will also assist in facilitating applicable third-party audits and evaluations of Ensono. This position is key to overseeing our organization’s deployment of controls and adherence to applicable requirements to help manage risk. The fundamental objective is to provide reliable assurance to our internal and external stakeholders that Ensono is doing the right things to safeguard the enterprise and is positioned to continuously deliver on its obligations.
DUTIES AND RESPONSIBILITIES
Manage and oversee the maintenance of technical and organizational controls across multiple technology platforms and diverse system environments within scope of our industry certifications and attestations (ISO, PCI DSS, SSAE18, etc.)
Facilitate internal and external audits and work directly with Ensono service auditors, customers, and their auditors.
Manage internal audit program and optimize the process for better efficiencies.
Work on SOC 1, SOC 2 certification programs
Test technical controls in the enterprise across diverse platforms including, but not limited to, Windows, Unix/Linux, virtualization, Mainframes, network, storage, etc. and Cloud platforms like AWS, Azure, GCP.
Provide guidance on framework-based information security and privacy requirements
Participate in enterprise risk management, including conducting risk assessments, maintaining an enterprise risk register and the application of remedial actions
Identify process gaps and assist with the plans for remediation.
Participate in strategic planning and design of controls, and continuous improvement
Work with business units to understand key controls and processes
In an advisory capacity, lead and provide guidance to teams to achieve desired results on a range of issues related to data protection, information security, risk management, regulatory compliance, product ideation and go-to-market initiatives
SUPERVISORY RESPONSIBILITIES
This position does not have direct reports but may mentor less experienced associates in the role.
4-year Bachelor’s degree in computer science, information security, information technology or related fields (years of experience will be considered)
Maintains 1 or more professional certifications such as CISA, CISSP, CISM, CRISC, CGEIT, CIPP/T, QSA/ISA
Knowledge of leading practices in information security and governance frameworks
Experience in performing technical audits, privacy and security risk assessments for IT infrastructure including Windows, Unix/Linux, virtualization, Mainframes, network, storage, etc. and Cloud platforms like AWS, Azure, GCP.
Experience with working with auditors and facilitating audits
Knowledge of the SSAE18 SOC 1 SOC 2 standards, PCI DSS, ISO 27001, ISO 27017
IT process knowledge in areas such as user access management, change control, incident management, networks, systems operations, security, compliance and risk management
Good understanding of IaaS and PaaS cloud services.
Understanding of control concepts and processes
Strong customer relationship and interpersonal skills
Excellent written and verbal communication skills
Honesty, curiosity, reliability, passion and collaboration – the foundation of Ensono’s culture
What will set you apart:
Hands-on experience managing SOC and ISO programs/certificates (including the following: SSAE18 SOC 1 SOC 2, ISO 27001, ISO 27017, 9001, 22301 and 20000)
Knowledge of the PCI DSS, GDPR, UK DPA, FEDRAMP, ITAR
Understanding of private and public cloud platforms and modern technologies like AI.
Advanced degree in technology, information security or related fields
Technical background or training in IT business systems
Prior related consulting experience in cybersecurity, privacy or compliance
General knowledge of technology outsourcing methodologies, operations and cloud computing