Job Details

Email to Friend Save Back

Cybersecurity Audit Analyst

DURHAM-27709, NC, US
04/25/2020

-

Required Skills

Agile methodology

Company

Infinity Consulting Solutions, Inc

Experience

3 to 5 Year(s)

Job Description

Infinity Consulting Solutions (ICS) is currently sourcing for a Cybersecurity Audit Analyst to work in our client’s Enterprise Cybersecurity group in Durham, NC.

Enterprise Cybersecurity

Our Client’s ECS provides centralized cybersecurity services and governance for the enterprise.

The organization is structurally aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework Core Functions (i.e., Identify, Protect, Detect, Respond and Recover).

It offers outstanding services including, but not limited to, cybersecurity architecture and engineering, development and operations, detection and response, enterprise policy administration and exception management, information security administration, risk assessment, penetration testing, secure code review, disaster recovery management, vendor technology risk review and management of external audit programs (e.g., ISO27001, SOC1).

Position Overview

The Enterprise Cybersecurity (ECS) Internal Audit Engagement (IAE) team is seeking an experienced cybersecurity risk professional to support and partner with 4 ECS Product Lines (ECS PLs) and the client’s Corporate Audit function.

The role supports ECS’s goal of cyber risk reduction and requires steadfast engagement and partnership with ECS PLs and Audit.

From audit kickoffs, through Audit fieldwork, assessment of Audit observations, tracking of ECS remediation and ultimate closure of issues, the IAE team member must strike a balance between appropriately prioritizing ECS PLs’ response while also ensuring Audit’s observations are addressed.

Primary Responsibilities

Partner with ECS Product Lines (PLs) to gain in-depth understanding of PLs and PL roadmaps, backlogs, etc.

Partner with Audit and ECS PLs to confirm reported Audit observations as "complete (stable) and "valid before ECS PL contributes to a response (plan) to address observation.

Partner with ECS PLs on drafting responses (Action Plans, Plan-for-Plans) to address valid Audit observations.

Partner with ECS PLs to ensure Action Plans and Plan-for-Plans have accurate target completion dates, detailed conditions of closure, and single accountable ownership.

Track PL audit issues to ensure status/health of PL efforts.

Support IAE Early Warning System (proactive engagement, identification and customer concern of risks.

Partner with IAE scrum master to ensure PL work reflected on IAE and PL Product team Jira boards/backlogs.

Engage ECS peers for cross-PL/product efforts where there are shared responsibilities and/or
dependencies.

The ideal candidate for this role will have the following skills and/or knowledge

Understanding and experience within a Cyber Security organization/culture (vulnerabilities and attacks, systems at risk, defenses/countermeasures, policies, etc.).

Experience working with a Corporate Audit function.

Experience with Agile methodology.

Ability to collaborate and work across ECS PLs to address risks.

Investigator/analyst approach to deep dive into Audit findings to understand and communicate material risks and appropriate responses.

Strong problem-identification and problem-solving skills

Ability to work independently and as part of team.

Excellent written, verbal and presentation skills.

Ability to influence and motivate change.

Education and Experience

Bachelor’s degree in a technology, computer science or engineering strongly preferred.

3+ years of demonstrable experience in cybersecurity risk management or technology operations.

5+ years of proven experience managing projects end-to-end.

Basic understanding of NIST Cybersecurity Framework core standards and practices, COBIT 5 for Risk, and FAIR risk management framework.

Certification a plus: CISSP (Information Systems Security Professional), CEH (Certified Ethical Hacker), CISA (Certified Information Systems Auditor).