IT Audit/ Security Analyst

IT Audit / Security Analyst We are looking for a mid-level Security professional with an IT Audit background to support: our Sales organization in selling the security of our software, SaaS and professional services offerings to customer, annual security-related audits and execution of our IT General Controls (ITGCs) program. The ideal candidate has worked or working for one of the "Big 8 Accounting Firms" Arthur Andersen, Arthur Young, Coopers & Lybrand, Deloitte Haskins & Sells, Ernst & Whinney, Peat Marwick Mitchell, Price Waterhouse, Touche Ross. Our client helps enterprises around the world move faster, work smarter, and lead the way forward with an end-to-end solution for getting value out of data. Our platform is the only one on the market that allows for open-ended, curiosity-driven exploration, giving everyone - at any skill level - the ability to make real discoveries that lead to real outcomes and transformative changes. They operate in over 100 countries with over 50,000 customers around the world. This is a Direct Hire position with a salary $90,000 - 105,000 based on experience with good benefit program. This person will work a Hybrid schedule of some days in the office based out of the KOP location. Primary Responsibilities & Tasks will include but not limited to- Receive and respond timely to security-related requests (questionnaires, agreements, meetings) from prospects/customers related to software, SaaS and professional services offerings. Support annual security related audits including, but not limited to, SOX-lite Financial/ITGC audit, ISO/IEC 27001:2013 audit, and AICPA SSAE 18 SOC 2 Type II audit. Update and refresh existing security policies on an annual basis as part of our Information Security Management System (ISMS). Review both IT General Controls (ITGC''s) as well as Substantive Controls executed by Security''s offshore team weekly, monthly, quarterly and semi-annually around access, change and transaction activity for financially-significant systems. Escalate weekly Vulnerability Scan results against internal/external assets to asset owners for remediate Receive, facilitate and respond timely to data subject deletion and/or access requests in line with the GDPR requirements. Review existing security assessments/results executed by Qlik Security''s offshore team (e.g. BYOD audits). Secondary Responsibilities & Tasks Received and respond timely to Security Incident notifications from our 3rd party security alerting tools with employees and contractors for remediation. Review and approve/reject 3rd Party Risk Assessment from a security perspective when employees and contractors want to procure technology or professional services from external vendors. Required Skills 2-5 years in IT Audit, Security, Governance and Compliance. Holds one or more of the following qualifications: CISA (ISACA), CISSP (ISC2) Experience in mentoring, reviewing and assigning work to junior auditors. Ability to work independently as well as collaborate cross-functionally with all org levels (individuals and management). Ability to apply security competencies for continuous improvement of existing ISMS. Competencies based on the following industry security standards: ISO 27001, COBIT/COSO, SSAE 18 and others. Competencies with the following technology a plus: O365, NetSuite, Salesforce, ServiceNow, Workday, Jira, Tenable, Data Analytics software/SaaS, Data Integration software Key Words: IT Security Auditor SOX CISA ISO 27001 COBIT

Created: 2021-11-29