Enterprise Security Consultant
Ref No.: 18-10840
Location: Dallas, Texas
Title: Information Security Analyst/Auditor
Duration: 6-12 months possible convert
Location: Dallas, TX – candidate will work mostly remote but is expected to come to Dallas office for team meetings, hiring manager is based in Dallas (may consider Palo Alto as a secondary option)
 
Hiring Manager’s Note:
Need Infosec expertise to manage customer audits, will interact with customer to explain process. Need someone outgoing and with good communication that can interface with customers
Someone that has audit experience but does not have to be auditor, familiar with one or two standards
CISSP or CISA would be preferred
Experience in general IT/networking or cloud would be a plus
 
Job Description:
Client is the leading provider of collaborative business commerce solutions. Client combines industry-leading software as a service (SaaS) technology to optimize the complete commerce lifecycle with the world's largest web-based community to discover, connect and collaborate with a global network of trading partners and expert capabilities to augment internal resources and skills, delivering everything needed to control costs, minimize risk, improve profits and enhance cash flow and operations – all in a cloud-based environment. Whether you’re buying, selling or managing cash, you can do it more efficiently and effectively in the Client’s Commerce Cloud. Over 300,000 companies, including more than 80 percent of the Fortune 500, use Client’s solutions to drive more efficient inter-enterprise commerce.
Security and Privacy are vital components of Client’s success as a cloud company. Our customers entrust us with their Confidential Business Transactional Data and some Personally Identifiable Information because of the value that we add by processing that data for them. Client’s Trust Office team is responsible for identifying, assessing and managing threats, vulnerabilities, and associated risks to Client’s information assets and resources. This includes providing expertise and operating and maintaining various integrated security technologies to protect the integrity, confidentiality and availability of all information resources throughout a highly distributed cloud environment. Success will depend upon building rapport and credibility with multiple stakeholders across Client. As a leader in Cyber Security, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices. If you want to be a game changer in building confidence in the cloud for our customers, consider joining our team. We are looking for ambitious people who thrive in a dynamic environment, are passionate about security and ready for a challenge.
The Sr. Compliance Audit Analyst evaluates, tests, documents, tracks, and improves security and privacy controls and collaborates with Operations, General Counsel and Risk Management, Security Services and other stakeholders to ensure customer requirements and contractual and service level deliverables are met. The auditor will work with a client to provide an audit of security systems used by that client, including testing of policies to determine whether there are risks associated with them. The auditor may interview members of the staff to learn about any security risks. The audit reports will outline whether the system runs effectively and make changes where necessary to improve the system.
Responsibilities:
• Review existing security and privacy compliance controls for customer, contractual, regulatory, and policy requirements and perform the necessary gap analysis. Consider future industry certifications such as FedRAMP, HIPAA and ITAR.
• Prepare control implementation evidence including process, policy, data flow diagrams etc.
• Design audit/compliance programs, working closely with internal teams to ensure audit readiness, design control language and communicate control strengths and weaknesses.
• Create and maintain internal and external audit schedules and prioritize, facilitate and track audit related processes, activities, tasks and deliverables.
• Describe, evaluate and support testing of manual and automated controls throughout the environment, in liaison with internal and external auditors.
• Interpret results and validate adequacy, reliability and effectiveness of controls.
• Work with business owners on remediation plans that address identified gaps based on severity of risk and non-compliance.
• Identify, document and elevate visibility to information risk that creates potential for exposure to the company.
• Apply COBIT5, COSO, ITIL, ISF, OWASP, ISO 27K or NIST frameworks to all documentation and remediation efforts.

Requirements
To be successful, the ideal candidate must be passionate about our customers, partners and technology. Success will depend upon building rapport and credibility with multiple stakeholders across Client. As a leader in Cyber Security, this candidate will have opportunities to mentor, support, and contribute to goals and initiatives that ensure the secure usage of technology, industry standards, and best practices.

• 5+ years of experience in information security and privacy audits and risk/gap assessments.
• Knowledge of Cloud Security concepts, techniques, tools, methods and best practices including DLP, encryption, vulnerability management, GRC, segregation of duties, IT infrastructure and software change management, security, availability, incident handling, and data transmission integrity.
• Understanding of technology use, trends and risks as they apply in a business context and environment.
• Ability to communicate complex security risks to non-technical staff.
• Ability to develop and track key performance indicators (KPIs) and metrics for benchmarking and operational success.
• Strategic mind-set to ensure a clear focus on the go-forward agenda and the ability to apply risk-based decisions balancing cost/opportunity and risk.
• Knowledge of key security and privacy principles and standards including SOC 2, PCI-DSS, BSI, and regulatory requirements (GDPR, etc.).
 
The ideal candidate will have the following qualities:
• Business acumen and track record of working with internal teams and external parties to see the “big picture”, understand technical architectures, perform gap analysis against requirements and achieve business goals.
• Knowledgeable in Cloud Security, Application and Web Application Security and the concepts, techniques, tools, methods and practices used to secure them.
• Demonstrated self-starter qualities of independence, initiative and creativity.
• Organized and execution/results oriented with excellent planning and multi-tasking abilities.
• Strong verbal and written communication skills and ability to influence others.


Education

• Bachelor’s Degree in MIS, Computer Science, or other related field, with focus on Information Security.
• Industry certifications including relevant SANS, CISSP, CRISC, CIPP, CIPM, CIPT and/or CISA.
Client is an EEO/Affirmative Action employer and does not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, disability, veteran status, or any other protected category.