The task will be to support technology security and privacy audits and assesses the effectiveness of the processes and controls in accordance with defined test attributes.
Attend and/or coordinate meetings with key security and operations stakeholders, scribe minutes, and participate, as needed.
Review and demonstrate understanding of security and operations processes and procedures across several distinct lines of business within audit scope. Identify and document IT security risks and opportunities for improvement.
Identify and document operational/ privacy risks and opportunities for improvement during audit reviews.
Conducts root cause analysis, compensating and mitigating controls, and impact analysis.
Draft audit programs, questionnaires and reports supporting lead auditors/ managers.
Document fieldwork, test procedures and results and other relevant deliverables in accordance with BA&A practices.
Actively collaborate with BA&A team members at all levels to achieve business goals and objectives.
Skills and experiences needed for to be successful in this position:
Key skills and abilities include attention to detail, influencing, facilitation, business process improvement/development, analysis, and problem solving.
Technology experience - experience of SOC1/2, HIPPA, PCI, privacy regs compliance preferable. Also prefer experience of working in Oracle, AWS and/or Azure cloud services.
Understand cloud operations and security, as well as network design.
Prior experience in SOC compliance/certification work would be helpful
Have knowledge in AWS, but not required