Job Title: Security Control Testing Analyst
Location: Remote (U.S. candidates only)
Responsibilities:
- Planning & Scoping of Asset Based Assessments to include development of communications, risk & control matrices, scope documents and other supporting information
- Perform walk-throughs with business partners identifying actual versus expected controls
- Create test strategies to test actual controls
- Document all work performed to meet the IIA reperformance standard
- Document issues and final reports
- Present to leadership results of assessments
Qualifications:
- Experience in control testing to include experience in some of the three lines of defense (Audit, ERM, First Line areas)
- Experience in audit and information security risk assessments
- Knowledge of applicable federal and state laws, rules and regulations (i.e. Federal Financial Institutions Examination Manual (FFIEC), National Information of Standards and Technology (NIST), and International Standards Organization (ISO))
- Knowledge of NCUA, FFIEC, GLBA, NIST (including the Cyber Security Framework and 800 Series), ISO 27001/27002, SANS/CIS 20, PCI DSS, and other Information Security requirements and frameworks
- Experience in working with all levels of staff, management, stakeholders, and third parties
- Effective planning and organizational skills
- Effective research, analytical and problem solving skills
- Strong verbal, written and interpersonal communication skills, including technical writing
- Bachelor Degree in business, information systems or related field or equivalent work/military experience
- CISSP, CISA, CCSP, CRISC or other Information Security certifications
- Ability to present findings and conclusions clearly and concisely
- Ability to build effective relationships through rapport, trust, diplomacy, and tact
- Strong word processing and spreadsheet software skills
Apply below