Information Technology Auditor II
Around $70,000 annually, DOE
Ideal start date: January 1, 2018
Also referred to as: Intermediate Level Information Systems Auditor, Information Systems Auditor II, Level II Information Technology (IT) Auditor, Information Technology Auditor II. Reports directly to the CISO. Occasionally directed in several aspects of the work.
Requirements and Responsibilities:
Audits information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy and security.
Evaluates Third party vendors and IT infrastructure in terms of risk to the organization and establishes controls to mitigate loss.
Determines and recommends improvements in current risk management controls and implementation of system changes or upgrades.
Maintains current governance, risk and compliance program and improves reporting analysis.
Participates in onsite audits to present status of current controls and policies.
Requires understanding of technology and the controls it addresses.
Must be fluent with networking and security technologies to determine risk associated with requested configuration changes.
Previous experience performing PCI audits is preferred to capture concepts such as segmentation, ingress/egress filtering, anti-virus, firewall/intrusion detection, OWASP, and multi-factor authentication.
Bachelors degree is preferred but may be substituted with relating experience.
Requires 2 to 4 years of related experience.
Some travel may be required, approx 5 times per year for 2-3 days.
Certifications: CISA, CCNA, Security+, CEH or relevant skills preferred but not required.