Information Security Auditor

at Windham Professionals

Salem, NH

Posted on Sep. 8, 2016

Full Time

Windham Professionals Inc. is a full-service Accounts Receivable Management and Customer Care Company. We have locations in NH, NV, NY, and TN and are expanding. Consider joining our company as we are on the cutting edge of new growth, creating a world-class BPO service provider.

The Information Security Auditor works in direct support of the Information Security Office to plan and conduct Information Technology audits and reviews to strengthen their technology controls and ensure the integrity, confidentiality and availability of company systems and electronic assets. The Information Security Auditor will obtain an in-depth understanding of the systems and/or functions being audited and prepare detailed audit programs to assess the adequacy and effectiveness of controls. This position executes the audit plan in a team-based environment, interacting closely with various levels of staff and management while preparing audit work reports/summaries and presentations to support procedures, results, findings and recommendations.

The Information Security Auditor collects data from a variety of sources and analyzes it in support of compliance assurance, cost containment and process improvement initiatives. Performs simple to complex data analysis and interpretation.

The Information Security Auditor assists in the formation and ongoing support of WPI’s information security policies, setting procedures and guidelines to ensure that all information systems are functional, secure and safeguarded.

The Information Security Auditor participates in the identification, tracking, and monitoring of information security policies and is responsible for adhering to the rules and regulations of the various governance bodies for certification. Utilizes established processes and tools to focus on risk identification, analysis, and remediation. This position requires an advanced knowledge and capability to manage projects and oversee IT governance practices.

The Information Security Auditor provides a working knowledge and understanding of regulatory compliance concerns, data protection, industry standards, security and risk frameworks including FISMA, FDCPA, TCPA, COBIT, PCI-DSS, SOX, NIST and ISO 27001. This position assures compliance with privacy, customer trust and information security laws and regulations applicable to financial services and revenue recovery industries.

Responsibilities:
1. Assists in creation and maintenance of information security policies, procedures, and standards.
2. Monitors compliance with information security policies, procedures and governance practices.
3. Audits and assesses subcontractor adherence to regulatory compliance.
4. Oversees risk and compliance assessments and swiftly responds to audit findings.
5. Performs moderately complex analyses and prepares reports to management.
6. Communicates security requirements and procedures in relation to regulations.

The Information Security Auditor works with the Information Security Manager to make critical decisions regarding information security certifications, policies, procedures, and audit remediation. This position requires the ability to maintain confidences and handle sensitive information related to potential security breaches or regulatory compliance. As a member of the Information Security team the Information Security Auditor must assure applicable security controls and regulatory compliance practices are represented in system design and architecture decisions.

Qualifications:

- Bachelor’s degree in Computer Science or Information Security, or equivalent experience
- 3-5 years progressive experience in IT Risk Management, Information Security, or IT Audit as a Manager or Senior Analyst.
- Extensive knowledge of data security practices, procedures and resilient architectures in a highly regulated industry.
- Working knowledge and understanding of regulatory compliance concerns and financial industry standards (e.g. FISMA, FDCPA, TCPA, COBIT, PCI-DSS, SOX, NIST and ISO 27001).
- Excellent understanding of network topologies, access controls, intrusion detection and related technologies.
- Ability to work collaboratively and remain calm and focused during an audit or regulatory review.
- Ability to handle confidential information responsibly and meet critical project timelines through effective project management principles.
- Previous experience as a network auditor or compliance professional.
- Security certification CISSP, CISA, GSNA, etc. is preferred.
- Project Management experience helpful.
- Demonstrates understanding of relevant terminology, such as: threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Demonstrates fundamental understanding of risk, IT and security controls, compliance, authentication, accountability, data security, disaster recovery and contingency planning.
- Ability to articulate technical processes, both oral and written, to different audiences and varying levels of complexity.
- Demonstrates understanding of regulatory and compliance terminology, such as: NIST, SANS, CISSP, COBIT, PCI, ISO, etc.
- Demonstrates fundamental understanding of networking (TCP/IP and other protocols) and of common network device functions, such as routers, switches, hubs, Wi-Fi access points, etc.
- Interpersonal / relationship building skills with technical and business personnel
- Experience with documentation tools e.g., MS Visio, SharePoint, or like applications.

Windham Professionals provides Equal Employment Opportunity for all individuals regardless of race, color, religion, gender, age, national origin, marital status, gender identity, sexual orientation, status as a protected veteran, genetic information, individuals with a disability, and any other basis protected by federal, state or local laws. EEO/AA Disabled/Vet.
