Cyber Security Auditor in Parsippany-Troy Hills, NJ at Securitas Security Services USA

Date Posted: 10/30/2018

Job Description

Job Code: 85961320399

Category: IT

JOB SUMMARY: As a member of the IT Cyber Security team, the position will actively contribute to the maturation of the company's information security strategy and programs based on key processes, practices, and standards necessary to manage the risks and security controls for the Securitas lines of business.  The position will be responsible for the audit life-cycle management of applications, infrastructure and systems from initiation through production and end-of-life phases for all front-to-end components including technology assets, data flows, operational processing, user interfaces, procedural, physical and technical controls.

The individual in this role will report directly to the Director of Cyber Security and Compliance.

ESSENTIAL FUNCTIONS

  • Perform detailed assessments and audit reviews of control environments to ensure compliance with corporate security policies and standards
  • Perform general and application control reviews for computer information systems
  • Perform information control reviews of system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance
  • Perform reviews of internal control procedures and security for systems under development, enhancement releases and existing systems
  • Conduct operational, compliance, and investigative audits, as assigned
  • Prepare audit finding memoranda and working papers to ensure adequate documentation exists to support completed audits and conclusions
  • Create artifacts, including documented policies, procedures, diagrams and other materials required for remediation and compliance evidence to comply with internal and external auditing requirements
  • Develop and drive the completion of audit finding remediation plans to achieve baseline compliance and remediation for identified deficiencies and control weaknesses
  • Facilitate the completion of remediation efforts with IT, Business and vendor stakeholders
  • Follow up on audit findings to ensure management and control owners have taken corrective actions
  • Support independent auditor activities for interim and year-end testing cycles as required
  • Perform monthly access and entitlement reviews across applications to identify where unauthorized access is granted and can be removed
  • Discover and document internal computer information systems to validate usage, functionality and risk exposures
  • Review and prepare IT compliance responses for audits, security questionnaires, contracts, service agreements, RFPs and SOWs for Securitas lines of business
  • Conduct compliance reviews of signed contracts to validate that specified security controls are in place and terms and conditions are being met
  • Support selection, design and completion of standard SIGs to be used for customer audit and security inquiries
  • Assist and perform other duties as requested by management.

Job Requirements

MINIMUM QUALIFICATIONS AT ENTRY

Additional qualifications may be specified and receive preference, depending upon the nature of the position.

Education/Experience: 

  • High School Diploma or GED required.
  • Bachelor's degree required.
  • 5+ years of compliance, audit and risk management experience within IT operations or related-business experience in large distributed enterprises
  • 2+ years of project management experience
  • Advanced education and professional security certifications such as CISSP, CISA, CISM and CRISC are preferred
  • Experience with data classification, access control, and security models
  • Experience with implementing and using DLP, GRC, IAM, ERM and SIEM tools 

Competencies (as demonstrated through experience, training, and/or testing):

  • Technical knowledge of information security concepts, vulnerability management, Active Directory and network policy management
  • Ability to review, interpret and assess a wide range of diverse and distributed computer information systems
  • Ability to perform control reviews on systems development, operations and security procedures and standards
  • Experience in participating in complex technology projects involving multiple stakeholders and functional disciplines
  • Strong analytical and problem-solving skills
  • Excellent presentation, written and verbal communication, interpersonal, leadership, information-gathering and analytical skills required
  • Ability to communicate audit and compliance issues clearly and concisely
  • Ability to work effectively with people at various levels throughout the organization
  • Must work well under pressure, grasp new ideas quickly, think outside the box, and be able to follow up in a dynamic environment
  • Strong multi-tasking skills in a fast-paced environment
  • Strong team player
  • Works well independently with minimum supervision

Working Conditions and Physical/Mental Demands

With or without reasonable accommodation, a candidate must have the physical and mental capacity to effectively perform all essential functions described.  In addition to other demands, the demands of the job include:

  • Maintaining composure in dealing with authorities, executives, clients, staff and the public, occasionally under conditions of urgency and in pressure situations.
  • Successful passage of background, reference, psychological, and controlled substance tests.
  • Handling and being exposed to sensitive and confidential information.
  • Occasional lifting and/or moving up to 10 pounds.