Senior Information Systems Auditor

Description

Audit and Compliance Expertise:

• Review existing audit findings and exceptions to ensure compliance with standards.
• Assess IT policies for alignment with governmental regulations and industry standards.
• Evaluate processes related to data processing, data security, and programming guidelines.

IT Governance Knowledge:

• Familiarity with SOC 1, SOC 2, and SOC 3 reporting frameworks.
• Knowledge of standards such as NIST, ISO 27001, GDPR, CCPA, HIPAA, or other relevant regulations.

Tools and Technology:

• Experience with GRC (Governance, Risk, and Compliance) tools like RSA Archer, ServiceNow GRC, or MetricStream.
• Familiarity with audit tools and frameworks for compliance tracking and reporting.

Policy Development and Documentation:

• Edit and draft IT policies to mitigate risks and support organizational compliance objectives.
• Ensure documentation aligns with regulatory requirements and industry best practices.

Risk Assessment and Mitigation:

• Identify potential risks and vulnerabilities within IT systems.
• Recommend enhancements to mitigate risks in compliance with state and federal laws.
• Proactively address and resolve outstanding audit findings.
• Draft Corrective Action Plans for existing and new audit findings.

Analytical and Communication Skills:

• Strong ability to analyze complex systems and identify areas for improvement.
• Excellent written communication skills for policy drafting and audit documentation.
• Effective collaboration with stakeholders to address compliance gaps.

Education and Qualifications:

• Overall, 10 years of experience in relevant fields.
• Bachelor’s or Master’s degree in Information Technology, Cybersecurity, or related disciplines.

Certifications (one or more of the following):

• Certified Information Systems Auditor (CISA) – ISACA
• Certified Information Systems Security Professional (CISSP) – (ISC)²
• Certified Risk and Information Systems Control (CRISC) – ISACA