Audit and Compliance Security Analyst - Remote
Title: Audit and Compliance Security Analyst - Remote
Mandatory skills:
standard security concepts, standard security practices, standard security procedures,
customer service, IT audit, security, compliance requirements,
internal control systems, security features governing, IT application, LAN s, physical IT operations, application controls, IT security controls,
audit objectives, audit tasks, audit procedures, audit guide, security audit, IT security strategic, security solutions, shared infrastructure technology,
IT systems, software, web-based applications, information technology controls, IT service-delivery management,
regulatory compliance requirements, assessment processes, security concepts, risk management, investigation techniques, Information Systems Audit, Control Association,
writing technical, management, analysis reports, papers
Description:
Position Summary
The client manages the information technology (IT) assets and uses technology to improve government efficiency and service delivery. The client administers enterprise solutions and consults on technology services for client, local government and educational systems.
This position is responsible for:
Reporting on whether electronic information systems operated and used by the client are effectively managed and controlled
Assessing whether the application and general computer controls are adequate and functioning as intended, especially in the area of privacy and security
Recommending and, as appropriate, assisting in documenting improvements to existing or design-stage information systems to increase efficiency or adequacy of controls
Evaluating the adequacy of policies and procedures related to the effective operation and control of the information systems
Facilitating development of responses to external audit findings and the resolution of IT policy and procedural issues
Ensuring compliance with regulatory and other industry standards for infrastructure services provided by the client.
The position requires 4-7 years of experience, familiar with standard security concepts, practices, and procedures.
Relies on limited experience and judgment to plan and accomplish goals.
A certain degree of creativity and latitude is required.
In addition, this position requires strong communications skills, both verbally and in writing, provides excellent customer service and consulting to internal and external stakeholders, and the ability to work with cross-functional teams.
Goals and Worker Activities:
40% A. Provision of technical guidance on IT audit, security, and compliance requirements
A1. Research, review and keep current on client regulatory compliance requirements and security best practices.
A2. Maintain contacts and productive relations with IT managers and staff as a means of providing assistance with audit and compliance needs and areas of potential risk.
A3. Provide technical guidance, as requested, to department managers in appropriate IT areas, such as development and implementation of internal control systems; development of policies and procedures; establishing benchmarks to measure the effectiveness of an IT application or function; and enhancing security features governing access to applications, IT Infrastructure (e.g., servers, firewall, LAN/WAN, databases, etc.) and physical IT operations.
A4. Identify audit topics that should be considered for audit or limited review, based on indicators of any significant system changes, risks faced by the department and/or possible benefits of conducting such assessments.
A5. Assist client managers in developing responses to audits by external auditors, and in tracking responses to ensure that corrective actions are taken.
A6. Plan and conduct follow-up reviews to determine whether recommendations have been implemented to adequately address the findings.
A7. Focus on IT systems issues, functions or activities when identifying risks facing the department and potential audits issues, such as management controls, applications, IT operations and data management.
A8. Perform research and analysis and provide feedback on physical security of the data centers as requested.
40% B. Administration of the documentation, communication, and assessment of the adequacy of security controls for information systems
B1. Participate in meetings with the client customers to review and understand their requirements as they relate to enterprise security. Develop plans to raise security awareness.
B2. Perform appropriate tests of general IT controls and specific application controls to verify that controls being audited are functioning as intended.
B3. Recommend to management changes that are necessary to improve the design and operating effectiveness IT security controls.
B4. Draft correspondence, finding sheets and audit reports that clearly explain the findings and conditions disclosed during the audit, the basis for the audit conclusions and specific recommendations for corrective action. Participate in discussions related to the IT audit findings and potential recommendations.
B5. Review assessments or Service Organization Controls (SOC) reports of business associates and provide guidance to program areas on how they can use these to monitor the operations that are outsourced.
B6. Develop an audit or limited review work plan detailing specific audit objectives, audit tasks to be performed, the criteria to be used in assessing whether the IT system, function or activity being reviewed is performing effectively, and the timelines for completing planned tasks.
B7. Track, monitor, review IT findings within the audit reports and provide guidance to the client staff, technical infrastructure staff and program areas on risks and remediation plan adequacy.
B8. Meet with the client customers to understand their security requirements and recommend alternatives that relate to the enterprise shared IT Infrastructure systems security strategies.
B9. Participate on enterprise incident response teams working on security related issues.
B10. Investigate security and compliance related issues for the enterprise and the client as requested.
20% C. Performance of information technology security initiatives
C1. Participate on cross-functional teams in needs assessment, design, or implementation projects to address security audit and compliance needs.
C2. Review internal project study requests and project plans for compliance with IT security strategic goals.
C3. Evaluate customer requirements to determine if security solutions meet the client audit and compliance controls. Provide cost-benefit analyses as needed and solicit funding to develop and implement new projects and services.
C4. Provide information technology security expertise to system developers, system administrators, project managers and other IT professionals to ensure adequate security controls in IT systems.
C5. Recommend methods and technologies to improve management of the security infrastructure, its efficiency, and its effectiveness.
Knowledge, Skills and Abilities:
Ability to deliver quality service and maintain positive working relationships with customers.
Ability to function as a team member, including the open sharing of information, and willingness to help wherever needed.
Ability to communicate clearly and effectively to both technical peers and less technical customers in person and via written media such as email, reports, and project charters.
Knowledge of and ability to apply IT service-delivery management best practices and procedures.
Ability to learn quickly; synthesize complex information, identify key points and communicate results accurately and effectively.
Considerable knowledge and skill in standard audit procedures, including preparing an audit guide and identifying the steps taken in conducting the audit.
Considerable knowledge of information technology controls.
Considerable skill and experience in IT systems, software, and web-based applications.
Considerable knowledge of regulatory compliance requirements and assessment processes.
Considerable knowledge of security concepts, risk management and investigation techniques.
Knowledge of practices of the Information Systems Audit and Control Association or any other applicable background for the audit of information systems.
Considerable skill in writing technical, management and analysis reports and papers.
Notes:
Remote
VIVA USA is an equal opportunity employer and is committed to maintaining a professional working environment that is free from discrimination and unlawful harassment. The Management, contractors, and staff of VIVA USA shall respect others without regard to race, sex, religion, age, color, creed, national or ethnic origin, physical, mental or sensory disability, marital status, sexual orientation, or status as a Vietnam-era, recently separated veteran, Active war time or campaign badge veteran, Armed forces service medal veteran, or disabled veteran. Please contact us at for any complaints, comments and suggestions.
Contact Details :
VIVA USA INC.
3601 Algonquin Road, Suite 425
Rolling Meadows, IL 60008
Title: Audit and Compliance Security Analyst - Remote
Mandatory skills:
standard security concepts, standard security practices, standard security procedures,
customer service, IT audit, security, compliance requirements,
internal control systems, security features governing, IT application, LAN s, physical IT operations, application controls, IT security controls,
audit objectives, audit tasks, audit procedures, audit guide, security audit, IT security strategic, security solutions, shared infrastructure technology,
IT systems, software, web-based applications, information technology controls, IT service-delivery management,
regulatory compliance requirements, assessment processes, security concepts, risk management, investigation techniques, Information Systems Audit, Control Association,
writing technical, management, analysis reports, papers
Description:
Position Summary
The client manages the information technology (IT) assets and uses technology to improve government efficiency and service delivery. The client administers enterprise solutions and consults on technology services for client, local government and educational systems.
This position is responsible for:
Reporting on whether electronic information systems operated and used by the client are effectively managed and controlled
Assessing whether the application and general computer controls are adequate and functioning as intended, especially in the area of privacy and security
Recommending and, as appropriate, assisting in documenting improvements to existing or design-stage information systems to increase efficiency or adequacy of controls
Evaluating the adequacy of policies and procedures related to the effective operation and control of the information systems
Facilitating development of responses to external audit findings and the resolution of IT policy and procedural issues
Ensuring compliance with regulatory and other industry standards for infrastructure services provided by the client.
The position requires 4-7 years of experience, familiar with standard security concepts, practices, and procedures.
Relies on limited experience and judgment to plan and accomplish goals.
A certain degree of creativity and latitude is required.
In addition, this position requires strong communications skills, both verbally and in writing, provides excellent customer service and consulting to internal and external stakeholders, and the ability to work with cross-functional teams.
Goals and Worker Activities:
40% A. Provision of technical guidance on IT audit, security, and compliance requirements
A1. Research, review and keep current on client regulatory compliance requirements and security best practices.
A2. Maintain contacts and productive relations with IT managers and staff as a means of providing assistance with audit and compliance needs and areas of potential risk.
A3. Provide technical guidance, as requested, to department managers in appropriate IT areas, such as development and implementation of internal control systems; development of policies and procedures; establishing benchmarks to measure the effectiveness of an IT application or function; and enhancing security features governing access to applications, IT Infrastructure (e.g., servers, firewall, LAN/WAN, databases, etc.) and physical IT operations.
A4. Identify audit topics that should be considered for audit or limited review, based on indicators of any significant system changes, risks faced by the department and/or possible benefits of conducting such assessments.
A5. Assist client managers in developing responses to audits by external auditors, and in tracking responses to ensure that corrective actions are taken.
A6. Plan and conduct follow-up reviews to determine whether recommendations have been implemented to adequately address the findings.
A7. Focus on IT systems issues, functions or activities when identifying risks facing the department and potential audits issues, such as management controls, applications, IT operations and data management.
A8. Perform research and analysis and provide feedback on physical security of the data centers as requested.
40% B. Administration of the documentation, communication, and assessment of the adequacy of security controls for information systems
B1. Participate in meetings with the client customers to review and understand their requirements as they relate to enterprise security. Develop plans to raise security awareness.
B2. Perform appropriate tests of general IT controls and specific application controls to verify that controls being audited are functioning as intended.
B3. Recommend to management changes that are necessary to improve the design and operating effectiveness IT security controls.
B4. Draft correspondence, finding sheets and audit reports that clearly explain the findings and conditions disclosed during the audit, the basis for the audit conclusions and specific recommendations for corrective action. Participate in discussions related to the IT audit findings and potential recommendations.
B5. Review assessments or Service Organization Controls (SOC) reports of business associates and provide guidance to program areas on how they can use these to monitor the operations that are outsourced.
B6. Develop an audit or limited review work plan detailing specific audit objectives, audit tasks to be performed, the criteria to be used in assessing whether the IT system, function or activity being reviewed is performing effectively, and the timelines for completing planned tasks.
B7. Track, monitor, review IT findings within the audit reports and provide guidance to the client staff, technical infrastructure staff and program areas on risks and remediation plan adequacy.
B8. Meet with the client customers to understand their security requirements and recommend alternatives that relate to the enterprise shared IT Infrastructure systems security strategies.
B9. Participate on enterprise incident response teams working on security related issues.
B10. Investigate security and compliance related issues for the enterprise and the client as requested.
20% C. Performance of information technology security initiatives
C1. Participate on cross-functional teams in needs assessment, design, or implementation projects to address security audit and compliance needs.
C2. Review internal project study requests and project plans for compliance with IT security strategic goals.
C3. Evaluate customer requirements to determine if security solutions meet the client audit and compliance controls. Provide cost-benefit analyses as needed and solicit funding to develop and implement new projects and services.
C4. Provide information technology security expertise to system developers, system administrators, project managers and other IT professionals to ensure adequate security controls in IT systems.
C5. Recommend methods and technologies to improve management of the security infrastructure, its efficiency, and its effectiveness.
Knowledge, Skills and Abilities:
Ability to deliver quality service and maintain positive working relationships with customers.
Ability to function as a team member, including the open sharing of information, and willingness to help wherever needed.
Ability to communicate clearly and effectively to both technical peers and less technical customers in person and via written media such as email, reports, and project charters.
Knowledge of and ability to apply IT service-delivery management best practices and procedures.
Ability to learn quickly; synthesize complex information, identify key points and communicate results accurately and effectively.
Considerable knowledge and skill in standard audit procedures, including preparing an audit guide and identifying the steps taken in conducting the audit.
Considerable knowledge of information technology controls.
Considerable skill and experience in IT systems, software, and web-based applications.
Considerable knowledge of regulatory compliance requirements and assessment processes.
Considerable knowledge of security concepts, risk management and investigation techniques.
Knowledge of practices of the Information Systems Audit and Control Association or any other applicable background for the audit of information systems.
Considerable skill in writing technical, management and analysis reports and papers.
Notes:
Remote
VIVA USA is an equal opportunity employer and is committed to maintaining a professional working environment that is free from discrimination and unlawful harassment. The Management, contractors, and staff of VIVA USA shall respect others without regard to race, sex, religion, age, color, creed, national or ethnic origin, physical, mental or sensory disability, marital status, sexual orientation, or status as a Vietnam-era, recently separated veteran, Active war time or campaign badge veteran, Armed forces service medal veteran, or disabled veteran. Please contact us at for any complaints, comments and suggestions.
Contact Details :
VIVA USA INC.
3601 Algonquin Road, Suite 425
Rolling Meadows, IL 60008