Job Information
Utah State Job Bank Senior Security Assurance IT Audit Analyst in SALT LAKE CITY, Utah
Description
Essential Duties and Responsibilities
Design and lead the information security risk assessment strategy, methodology, and process
Implement, manage and execute compliance programs associated with SOC 2, ISO 27001, Privacy compliance (multiple regulations) and federal NIST requirements
Coordinate execution of enterprise-wide information security risk assessments, including the negotiation, reporting and oversight of risk treatment plans to address findings
Work with business partners, Global Risk Management, IT Risk, Product and Data Security, Privacy, and outside consultants on required information security risk assessments and audits
Investigate, evaluate, and advise on implementation and effectiveness of security controls for compliance with applicable information security laws, regulations, and policies
Write effective communications to stakeholders and team
Design, write, and implement manual and automated controls, track implementation
Ensure key security internal controls are identified, implemented, tested, and remediated as required
Perform compliance control testing: evaluate the effectiveness of internal controls using various methodologies, including inquiry, reviewing documentation, observing activities, analytics, identifying anomalies, and examining transactions
Record audit findings and work in a clear and organized manner.
Triage process or control ownership changes affecting compliance monitoring
Test cloud provider settings and configurations
Evaluate and advise on security control recommendations to mitigate information security risks
Create, review, and test control attestations for the quarterly controls self-assessment program, including writing audit test-program steps
Manage Security Exception requests for risks and track resolution process
Advise on enhancements to enterprise Security Policies and Standards
Strategic planning for future framework implementation and arranging timelines with affected parties
Perform gap evaluations of current-state operations against frameworks not yet implemented to determine an action plan
Work directly with colleagues to provide advisory services and guidance that will reduce organizational risk, improve their overall security posture, and achieve compliance
Create, QA, maintain, troubleshoot with developers, and publish metrics and dashboards
Create and deliver operational and executive summary reports for information security risk activities
Prepare reports and other deliverables that contain strategy, technical analysis, findings and recommendations
Evaluate acquisitions for their compliance posture and tools, create remediation plans to improve or change to Sorenson standards, noting exceptions
Process initial vendor requests and renewals, and manage the third-party security vendor risk management (TPRM) program and lifecycle
Represent the Security Risk and Compliance team on input to contract requirements relating to information technology and security controls
Create and maintain job aids for various functions
Manage risk and compliance resources for team, including training new staff members or cross-training teammates
Learn and perform some end-user type Administrator functions for the GRC software application
Respond to security assessments, questionnaires and audits from regulators, clients and third-party business partners
Respond to client third-party audit or assessment requests to facilitate business transactions and maintain strategic business relationships
Write, and obtain approval for, responses to client inquiries, and maintain a library of records, documentation, and responses
Other projects and duties as assigned
Education and Licensure
Minimum 4 year Bachelor... For full info follow application link.
Sorenson Communications is an EOE, Disability/Age Employer
#InformationTechnology