Information Security Auditor - Remote
Company: Center for Internet Security, Inc.
Location: East Greenbush
Posted on: October 23, 2024
Job Description:
Information Security Auditor - Remote
Job Locations
US
ID
2024-1978
Category
Information Security
Type
Regular Full-Time
Remote?
Yes
Overview
The Information Security Auditor is part of the Corporate
department, which resides on the Information Security team and
reports to the Information Security Audit Manager. The Information
Security Auditor will partner with other cybersecurity team members
to promote the CIS mission and help support our growth. The primary
purpose of this position is to evaluate and manage the control
implementation within the organization and measure compliance to
internal standards and best practices. The Center for Internet
Security (CIS) makes the connected world a safer place for people,
businesses, and governments through our core competencies of
collaboration and innovation. We are a community-driven nonprofit
responsible for industry-leading best practices for securing IT
systems and data. CIS is also a trusted resource for cyber threat
prevention, protection, response, and recovery for U.S. State,
Local, Tribal, and Territorial (SLTT) government entities and
election offices. CIS has an award-winning reputation for investing
in its people (click here to learn more), as well as continuous
learning and development. We offer our employees diverse
opportunities to expand their impact personally and professionally,
in their local communities, and among one another. Core Leadership
Principles drive our employees at every level of the organization,
empowering them to be leaders in everything they do. Salary Range:
$69,600 - $114,900 We offer a competitive total rewards package at
the Center for Internet Security:
- Base salary is determined on a number
of factors including, but not limited to, education, experience and
skills
- Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility
starting from the first day of hire
- $500 wellness card for Health Coverage Participants
- 401(k) with 4% Company Match, vested from the first day of
hire
- Flexible Spending Account (FSA) & Dependent Care Account
(DCA)
- Life Insurance
- Bonding Leave
- Paid Volunteering Program
- Bonus eligibility
- Paid Time Off (PTO) inclusive of vacation, personal and sick
time
- Paid Holidays
- Wellness Program
- Employee Engagement Activities
- Professional Development Opportunities
- Tuition Reimbursement
- Student Loan PayDown Program
- Employee Referral program
- Employee Assistance Program
What You'll Do
- Define the required controls to be reviewed per the
documentation framework and control implementation strategy
- Responsible for reviewing and assessing control implementation
and effectiveness in accordance with the organization's information
security program, including privacy and artificial
intelligence
- Actively engage in the information security audit engagements
by serving as a liaison between external audit entities and
internal teams
- Coordinate with the business units within CIS to ensure that
there is alignment on the control requirements
- Demonstrated understanding of the audit frameworks, audit
artifact requests, and quality assurance process to ensure that the
artifacts provided meets the applicable criteria, including the
ability to recreate the artifacts
- Implement risk-based monitoring to define risk treatment
strategies and align to implemented control effectiveness when
performing the reviews of the artifacts
- Monitor security incidents, metrics, account review, and
perform incident response as necessary when deviations from
expected baselines occur
- Provide input into new strategies, technologies, and projects
within the organization to assure 'secure by design', 'privacy by
design' and adherence to current control requirements
- Responsible for ensuring program level compliance with
applicable laws, standards, and guidance
- Other tasks and responsibilities as assigned
What You'll Need
- Bachelor's degree in a related field*
- 3+ years' experience in IT auditing, security operations, or
related position
- Experience with the CIS control and compliance evaluation
requirements, examples would include (ISO27001, ISO27701, SOC 2,
NIST Cybersecurity Framework (CSF), NIST 800-53, NIST 800-171,
CMMC, etc.)
- Knowledge and application of the CIS Critical Security Controls
and MITRE Framework
- DHS Fitness/Suitability Determination
- The position is open to U.S. citizens and requires a favorably
adjudicated DHS Fitness Review for Public Trust Positions**It's a
Plus if You Have:
- Master's degree in either Computer Science, Cybersecurity, or
IT Compliance
- Non-Profit experience
- Contributed to or developed information technology policies,
standards, and procedures
- Experience with training end users, system administrators,
peers, and executives in regard to controls, compliance, and
cybersecurity best practices
- CISA certification
- COBIT5, FIBF, CJIS or other related frameworks for implementing
cybersecurity controls*Additional years of relevant experience or a
combination of an Associate's degree or equivalent and relevant
experience may be substituted for the Bachelor's degree. **Factors
that may cause a negative Fitness Review decision include:
- Criminal Conduct
- Dishonest Conduct
- Employment Misconduct
- Alcohol Abuse
- Drug Use (illegal drug use or use of a legal drug in a manner
that deviates from approved medical direction) Additionally,
illegal drug use includes the use of drugs that are illegal for
federal purposes despite being legal in select states and
countries, such as marijuana.)
- False Statements
- Financial Issues
- Have not resided in the US for three (3) of the past five (5)
yearsAt CIS, we are committed to providing an inclusive environment
in which the diverse backgrounds, experiences, and views of our
employees, members, and customers are valued and respected. It is
through this commitment that we are able to work together towards
our common mission: to make the connected world a safer place.
Keywords: Center for Internet Security, Inc., New Haven , Information Security Auditor - Remote, Accounting, Auditing , East Greenbush, Connecticut
Didn't find what you're looking for? Search again!
Loading more jobs...