Audit Manager - Information Security & Risk Management

8 - 13 years

20.0 - 35.0 Lacs P.A.

Bengaluru

Posted: 3 weeks ago | Platform: Naukri

Skills Required

Information Security, Risk Compliance, Risk Management

Work Mode

Remote

Job Type

Full Time

Job Description

Role Description:

The Audit Manager, Information Security position will be an integral member of the Information Security and Risk Management team. This role will be responsible for organizing and managing internal and external audits. Working in the Chief Information Security Officer (CISO) office under the Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology professional for the Client to support the design, implementation, and maintenance of a cohesive information security governance, risk and compliance program.

The successful candidate will have a good mix of deep technical knowledge, understanding of industry best practice, frameworks and regulations, and a demonstrated background in an information security risk management program. An experienced and motivated risk and compliance individual contributor is needed to work across a matrixed team in place today and growing in the future. The successful candidate has a track record of developing strong relationships, collaborating across teams, coordinating multiple timelines, and managing complex, cross-discipline projects.

The ideal candidate:

- is a self-starter, with the ability to drive tasks to completion independently and learn new skills on the job as program requirements evolve.
- possesses strong business judgment and deep analytical thinking, is comfortable managing multiple responsibilities within a fast-paced environment, and has worked collaboratively with others to develop, implement, and communicate business improvement and innovative strategies.
- possesses strong verbal and written communication skills, a solution-oriented approach, and relationship-building skills, all important attributes to succeed in this role. The successful candidate will develop strong relationships, collaborate across teams, coordinate multiple timelines, and manage complex, cross-discipline projects.
- global view of their business and think in terms of immediate problem solving but also automating, expanding, and scaling solutions broadly.
- thinks strategically at a global level and effectively develops key processes, procedures and communications that facilitate cross-functional implementation of compliance management processes and compliance reporting.

Responsibilities:

- Develop audit program and plans for information security audits such as ISO and SOC 2, determine scope of audit coverage, and organize and manage internal and external audit engagements.
- Manage audit engagements and evidence collection for audits using the GRC tool OneTrust.
- Oversee the process of audits, making recommendations on policies, and ensuring that the organization fulfills compliance obligations.
- Provide process design advice to Control Owners and Control Operators to build programs based on the principles of compliance-by-design and security-by-design.
- Coordinate and/or perform audit work, review audit reports prior to formal release, review management responses, and review supporting workpapers to ensure reports are properly supported.
- Identify factors causing deficient conditions and provide constructive, economical, and practical recommendations for audit findings.
- Draft recommendations for management responses and corrective action plans.
- Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense.
- Follow up to determine adequacy and implementation of corrective actions.
- Validate evidence for sufficiency per control requirements.
- Identify and manage implementation of new compliance requirements/controls that are introduced by changes to regulations/standards/frameworks (new compliance requirements introduced per changes to ISO 27001, SOC 2, NIST 800-53, NIST CSF).
- Design automated and manual control testing methods.
- Conduct compliance assessments and internal control testing of critical business processes, critical information systems/assets (technology/application) and processes to evaluate design and operating effectiveness of controls, and proactively prepare stakeholders for external audits.
- Participate in policy reviews and provide meaningful feedback; facilitate policy operationalization.
- Establish and maintain effective working relationships with Control Owners and Control Operators.
- Create collateral to promote a culture of compliance aligned to the firm's risk tolerance.
- Contribute to the development of scalable models and tools that speed up both decision making and accuracy for the organization.
- Assimilate risk and compliance assessment/audit data into concise and meaningful reports/dashboards for leadership.

Experience:

- Experience with information security frameworks, industry standards (i.e., SOC 2, NIST 800-53, ISO 27001, ISO 27017, COSO, HITRUST)
- Experience with regulatory requirements (i.e., HIPAA etc.)
- Experience performing IT audits and control testing
- Experience using internal proprietary tool to manage assessment/audit process
- Experience gathering information from a range of different sources to help identify weaknesses in security controls
- Expert with security control design, development, implementation, and monitoring
- Demonstrated experience across multiple information security domains preferred

Qualifications:

- Bachelor's degree in Computer Science, Engineering or related field, or equivalent work experience
- CISA, CRISC, CISM, or CISSP certifications (one or more) preferred
- Demonstrated advanced verbal and written communication skills
- Excellent organization skills and a self-motivated learner

Why Join Us

- Remote work flexibility and a collaborative team environment.
- Work on meaningful transformation projects with global clients.
- Continuous learning and growth opportunities.
- Supportive culture where your voice matters and your work makes an impact.

Information Technology
San Francisco
