Senior Auditor, PCI QSA



REPORTS TO: DELIVERY MANAGEMENT TEAM

DEPARTMENT: DELIVERY

STATUS: FULL-TIME EXEMPT

LOCATION: VIRTUAL/REMOTE

 

OVERVIEW

CyberGuard Compliance is based in the United States but serves clients around the globe. Our leadership team has over 150 years of combined business management, operations, and related information technology (IT) experience. We are proud to offer our clients the highest quality SOC, PCI, HITRUST, and ISO 27001 audits, and other compliance and IT security assessment services, available in the marketplace. Leveraging efficiencies gained from performing thousands of SOC audits, IT security audits, and other internal control assessments, our employees work collaboratively with clients using a customized approach and an efficient audit methodology and tools.

 

CyberGuard Compliance partners with a diverse client base, ranging from start-ups to Fortune 50 companies in all industries. Our ultimate firm resource is our people. We take great pride in serving our clients and in offering our employees flexible work schedules, training, career paths, recognition, rewards, and a collaborative team environment that inspires exceptional performance.

 

The Senior Auditor will help develop and maintain productive working relationships with client personnel and assess clients' satisfaction, demonstrate proficiency with auditing concepts, and apply them to client situations, as well as identify and effectively communicate accounting and auditing matters to the client and internal management.

 

SUPERVISORY RESPONSIBILITY

This position has no direct supervisory responsibilities.

 

ESSENTIAL DUTIES AND RESPONSIBILITIES

    • Perform testing on client audit engagements from start to completion.
    • Assist with leading client engagements from start to completion, which includes coordinating, executing, and reporting on internally-staffed and co-sourced audits.
    • Audit and design test procedures for IT controls across a range of areas/technologies (e.g., IT General Controls, application controls, system implementations, cybersecurity, privacy, database management systems, operating systems, ERPs).
    • Manage multiple projects and competing priorities in a rapidly growing, fast-paced, team environment.
    • Execute complex audits within the project budget and timeline.
    • Assist in all aspects of audits, including risk assessments, audit planning, audit testing, control evaluation, draft report review, and follow-up and verification of issue closure.
    • Support Delivery Management Team in preparing and managing engagement project plans, timelines, budgets, and economics.
    • Document audit workpapers, results, and reports with minimal intervention from management.
    • Complete assignments in an efficient manner while ensuring high quality is maintained.
    • Perform audit work in accordance with firm methodologies and professional standards.
    • Conduct interviews with client personnel, and address client questions regarding clarification of controls and processes.
    • Present and communicate status and findings to client personnel; keep supervisors informed in a timely manner of the engagement status and identified issues.
    • Proactively interact with key client management to gather information, resolve problems, and identify recommendations for business and process improvements.
    • Develop working relationships with personnel from various functional areas.
    • Assist with the tracking and monitoring of action plans and remediation.
    • Acquire an understanding of clients’ business, including objectives, services, operations, processes, IT systems, and controls.
    • Demonstrate and maintain technical competency in audit, compliance, and security areas.
    • Continue to learn from daily job experience and the study of internal audit standards, procedures, tools, and techniques.
    • Research and recommend process, security, technology, operations, and compliance enhancements.
    • Participate in team and company-wide initiatives aimed at continually improving firm processes and offerings.
    • Manage and perform position duties to ensure annual targets and goals are met.
    • Occasional evening and weekend work may be required as job duties demand.
    • Perform other duties and responsibilities as assigned.

 

REQUIRED EDUCATION, EXPERIENCE AND CERTIFICATION

    • Bachelor’s or Master’s degree in a relevant field strongly preferred. Extensive IT security experience and several relevant certifications are required in lieu of a Bachelor’s degree in the relevant field of study.
    • PCI QSA with active certification.
    • Hold at least one relevant security or audit industry certification from each group:
      • Group 1 (Information Security) - CISSP, CISM, ISO 27001 Lead Implementer.
      • Group 2 (Audit) - CISA, GSNA, ISO 27001 Lead Auditor, ISMS Auditor or higher, CIA.
    • 2-6 years of experience in Internal Audit, IT Risk/Compliance, or IT Security, preferably with a professional services firm.
    • Experience performing PCI DSS assessments and/or SOC 1 / SOC 2, HITRUST, or ISO 27001 assessments preferred.
    • A high-level knowledge of all key areas of Information Security Technology.
    • Strong understanding of security strategy, risk management and security operations.
    • Ability to analyze cardholder data flows (business and application data flows) and accordingly identify the risks to cardholder data.
    • Ability to review network device (firewalls, switches, routers, IDS/IPS, load balancers, etc.) configurations and analyze network architectures.
    • Ability to review system hardening (Servers/Virtualization Devices/Cloud Infrastructure/Databases).
    • In-depth knowledge and experience in IT security, including access controls, network security, logging/monitoring, vulnerability assessments, system hardening, secure software development, application security, encryption, and key management best practices.
    • In-depth knowledge and experience with PCI DSS, Risk Management Standards (OCTAVE/NIST/ISO).
    • Knowledge of IT risks and controls, concepts, audit methodology, practices, and procedures.
    • Awareness of prevailing IT risk management and cybersecurity risk management standards (COBIT, NIST CSF, ISO, etc.).
    • Knowledge of and experience assessing core IT infrastructure platforms (OS/400, Windows, UNIX, Oracle, SQL) and/or IT infrastructure / network components (domain controllers, firewalls, routers, IDS/IPS, etc.).
    • Understanding of cloud platforms and technologies is preferred.

 

REQUIRED SKILLS/ABILITIES

    • Clear and concise verbal and written communication skills.
    • Proficient with Microsoft Office Suite or related software.
    • Proficiency with, or the ability to quickly learn, the organization’s software systems.
    • Strong project management, time management, analytical, interpersonal, attention to detail, and organizational skills.
    • Professional interpersonal skills with a dedication to superior client service.
    • Ability to build effective internal and client relationships with a positive and cooperative attitude.
    • Willing to take personal responsibility/accountability, and to go beyond expectations.
    • Ability to work independently with minimum supervision and prioritize multiple objectives in a rapidly changing environment.
    • Self-motivated with ability to complete assignments within time constraints and budgets.
    • Sound judgment and ability to maintain utmost confidentiality.
    • Ability and willingness to travel.


PHYSICAL REQUIREMENTS

This job operates in a professional virtual remote work environment. While performing the essential functions of this job, the employee is required to stand and sit for prolonged periods. Specific vision abilities required include close and medium distance vision and the ability to adjust focus. Must be able to hear normal sounds, distinguish sound as voice, and communicate through human speech. This position requires the ability to routinely operate a keyboard, computer mouse, telephone, fax, scanner, copier, writing tools, scissors, and other standard office equipment. On occasion, an employee will be asked to lift items weighing up to 25 lbs.


TRAVEL

Local and overnight (approximately 15%) travel expected for this position.

 

BENEFITS

    • Medical Insurance

    • Dental Insurance

    • Vision Plan

    • Life Insurance

    • Matching 401k Plan

    • Paid Vacation

    • Paid Sick Time

    • Paid Holidays

 

Unfortunately, at this time, we can’t consider candidates that require sponsorship or are outside of the United States.

CyberGuard Compliance, LLP is an Equal Opportunity Employer.