Sr. IT Security Auditor II
Xorbix Technologies is a Global IT service and software company providing technology solutions across a variety of business disciplines. We have a need for a Senior IT Security Auditor II for our client in Milwaukee, WI.
The Sr. IT Security Auditor II is responsible for understanding and evaluating the internal control and risk environment. The Senior IT Auditor II serves as a lead of multiple project teams to assess the organization's information technology (IT) risk and enhance IT business systems, processes, and controls. Projects focus on the assessment and/or evaluation of IT systems, the mitigation of IT-related business risk, and the organization's efforts to ensure that IT investments provide maximum security and risk mitigation in the most cost-effective manner. The role collaborates with the business to analyze, evaluate, and enhance information systems facilitating the business' internal control processes. He or she completes all internal audit work in compliance with established audit methodology while meeting all organizational and professional ethical standards. The incumbent will lead and/or conduct complex engagements and significantly broaden the value, service levels, and capabilities of the Risk and Advisory Services efforts at the client.
Contract Duration:
· 3 months with the possibility of conversion. Candidate must be sincerely interested in the opportunity to convert.
Key responsibilities
- Lead the functions around security administration at the network, application, database, and/or server level
- Lead secure web coding practices and standards
- Analyzes highly complex processes to support detailed audit documentation, representative of the current IT control environment
- Continuously assesses opportunities to improve the internal control environment across the company
- Develops and maintains productive team-oriented client and staff relationships through individual contacts and group meetings
- Maintains awareness of significant changes across the organization and the potential impact on the established control environment
- Pursues professional development opportunities, including external and internal training, and shares information gained with co-workers
- Identifies technology risks and independently evaluates the efficiency and effectiveness of the information technology infrastructure and application controls, including security and internal controls
- Works with audit engagement team to document the business processes that are dependent upon Information Technology
Required skills/experience
- 5 - 8 years relevant business experience, including documentation of business processes, risk and controls identification
- Must have a solid understanding of Business, Finance and IT areas
- Must have IT Audit experience (the number of years determines which level this position would be on a perm basis - prefer 5 years or more of IT Audit experience to be at a Sr. IT Auditor II level)
- 2+ years of IT experience in ANY of the following: network security, web application secure coding standards, data protection / privacy
- Helpful to be bilingual in English and Spanish, but not required (English is required)
- Ability to work in Visio to create detailed data/process walkthrough documentation
- Some exposure to working with data analytics
- Demonstrated ability in planning, project management, and leading staff
- Ability to maintain composure under pressure while managing multiple assignments and priorities
- Ability to effectively teach and mentor staff
- Demonstrated work successes utilizing project plans, issues logs, risk/mitigation strategies, automated testing tools, cost/benefit analysis tools
- Proven track record in applying broad business knowledge and practical experience to working with/managing technology risks and controls
- Working knowledge of one or more operating system platforms including mainframes, client/server, UNIX, AS400
- Working knowledge of one or more security products such as RACF and Oracle Identity Manager
- Ability and experience in translating business rules into technical definitions
- Exposure to a variety of technologies that can be used to export, import, and manipulate data, for example: Windows, Unix and mainframe-based FTP, MS Access, MS Excel, Microsoft SQL Server
- Exposure to database administration principles and practices
- Excellent oral, written, listening, and presentation skills
- Demonstrated ability to effectively communicate with all levels of management and staff
- Some exposure to Accounting/Finance principles
- The incumbent may be required to travel 20 - 25% of the time to New York, Miami, and other possible locations as business requires
- Demonstrated dedication to teamwork
- Demonstrated integrity within a professional environment
Technical / Educational / Certification Requirements:
- Bachelor's degree, from an accredited college or university, preferably in Accounting, Finance, Business Administration, Computer Science, Information Systems, or related field required
- Working knowledge of the Sarbanes-Oxley Act of 2000
- Desire to obtain related professional certification, such as CISA, CISSP, CISM, CIA
- Ability to operate a computer with a high level of proficiency in the Microsoft Office suite of products. Includes experience with large spreadsheets, databases and word processing programs
- In-depth knowledge of the components and underlying technologies supporting specific business components and the threats and vulnerabilities associated with these technologies
The main components include:
· Network security. Candidates must possess practical / working experience in network security including firewall, router, and server security configuration. Use of automated tools to monitor the network security/vulnerabilities, incident response, patch management (again, as it relates to security threats, vulnerabilities, etc.).
· Web Application secure coding standards. Client has MANY outward facing web applications used for multiple purposes. Each of these web applications can be a potential risk from two sides: a potential "door" to our secured, internal network, and the security and protection of the information used by each application (whether it be HIPAA protected, PCI compliance, financial privacy, or just sensitive internal or customer info). Candidate(s) should possess experience in web application secure coding practices, vulnerability assessments of web app code, threat modeling, secure testing standards/approaches, and risk management.
· Data protection / privacy skills. This area is driving more into Database Administration and Data Governance experience, specifically around the identification and classification of internal data and appropriate technical skill sets for securing it, both from loss (data walks out of the building somehow) and/or improper disclosure of sensitive information.
Xorbix leverages extraordinary professionals to solve complex business and technology challenges for our clients. Contact us to experience the Xorbix difference.