As an IT audit point of contact, the incumbent will coordinate audit processes and be the liaison for all IT audit requests. This position is also responsible for coordination of remediation activities through tracking and verification.
Participate in planning information technology, operational and compliance audits across the enterprise, and act as the liaison between IT and internal/external audit participants.
Coordinate with independent auditors in executing audit procedures for the organization; close out and finalize audits and projects; identify and assess issues; review supporting documentation; and coordinate remediation activities.
Responsible for providing guidance and support for business units during applicable audits.
Create and interpret information security policies and assist with their implementation and enforcement.
Conduct information security training and awareness activities (phishing and social engineering campaigns, newsletters, etc.).
Collaborate with Human Resources on the content and assignment of compliance training and related initiatives.
Work with various business partners to facilitate the completion of risk assessments and targeted compliance risk assessments.
Assist in the assessment and review of new vendors and/or new and existing technology to ensure adequate levels of control are in place to maintain compliance with security requirements.
Manage or assist with the onboarding of new information security compliance tools.
Monitor status of user security access reviews as well as handle the coordination of POS terminal inventory reviews across all locations.
Assist risk owners with identification of key risks and mitigating controls as well as action plans to address any gaps in the mitigating measures identified.
Monitor status and compliance with Payment Card Industry (PCI) standards.
Experience / Education / Certifications
Bachelor’s degree with emphasis in related field or equivalent work experience.
5+ years of security and IT risk experience with regulatory, internal audit and/or compliance testing, including the development of remediation activities or steps.
An equivalent combination of education and/or experience may be substituted for the above requirements.
Experience with development of General Controls and/or IT Compliance related standards.
Working knowledge of and exposure to IT governance, risk management and compliance practices.
Working knowledge and understanding of the ISO framework.
Experience with the audit process involving relevant regulatory requirements, specifically the General Data Protection Regulation (GDPR), Sarbanes-Oxley (SOX), the Payment Card Industry Data Security Standard (PCI DSS) and Privacy Shield.
Cybersecurity / IT risk assurance expertise.
Experience with information security tools and utilities.