Sr. Control Assurance Assessor

View full description

Requirements:

• Bachelor's degree in computer science, management information systems, or relevant field, or equivalent demonstrable experience.
• 3+ years' experience performing IT Audit or security control testing.
• 5+ years' experience in Information Security or Information Technology.
• Demonstrated experience in conducting security control testing and evaluations within an internal audit framework.
• Professional certification such as CISA, CISM, CISSP, PCI QSA, ISO 27001 Lead Auditor, or equivalent.
• Proficiency in industry standards and frameworks (e.g., NIST 800-53, ISO 27001/27002).
• Familiarity with privacy regulations (e.g., GDPR, CCPA) and sector-specific frameworks (e.g., HIPAA, PCI).
• Knowledge of security tools such as Sailpoint, Rapid7, Wiz.io, MS Defender, SIEM.
• Familiarity with cloud technologies like AWS and Azure.
• Experience using generative AI for test strategies and reports.
• Proficiency in automation and analytics tools (e.g., Excel, Tableau, Alteryx).

Responsibilities:

• Conduct security control assessments, managing the process from planning through to reporting.
• Understand controls in scope, gather asset populations, and select samples.
• Evaluate whether the controls are designed and working as intended.
• Write and communicate issues, and report on test results.
• Develop test plans, test cases, and procedures using security tools' data.
• Use queries and dashboards to identify potential control failures.
• Ensure accurate and timely control testing, providing peer reviews.
• Document findings, including root cause analysis and remediation recommendations.
• Deliver clear progress updates and results as the primary liaison with team members.
• Contribute to testing program efficiency by establishing measurable indicators and integrating feedback.