A Compliance & Cybersecurity Auditor who will work with clients on various types of assessments, program development, and user awareness, drawing on knowledge of information security, compliance, and privacy industry practices and requirements. The role requires the ability to work independently or with a team to complete engagements defined by client goals.
The person who takes this role will first and foremost deeply understand information protection, compliance, and privacy requirements while maintaining client satisfaction; lead and participate in projects through the whole project life cycle and deliver on time; and possess strong communication skills with clients and other team members. There are no rock stars or ninjas on our team; we collaborate to be the best we can collectively be at assisting clients with their information protection, privacy, and compliance objectives.
- Plan and execute full life cycle assessments. This includes project scoping, resource assignment recommendations, some RFP/SoW work, performing the penetration test, communicating progress with clients, writing professional-quality reports, and presenting findings to executive and technical audiences.
- Effective communication. Writing and presenting are a large part of professional penetration testing. Senior penetration testers are expected to excel at communicating with client audiences (executive and technical audiences) and be a good communicator within the team while collaborating on projects.
- Inspect and evaluate information systems, management procedures and security controls, and physical environment
- Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations
- Develop and administer risk-focused assessments for IT systems
- Execute and properly document the audit process on a variety of computing environments and computer applications
- Assess the exposures resulting from ineffective or missing control practices
- Accurately interpret audit results against defined criteria
- Weigh the relevancy, accuracy and perspective of conclusions against audit evidence
- Provide a written and verbal report of audit findings
- Develop rigorous best practice recommendations to improve security on all levels
- Work with management to ensure security recommendations comply with company procedure
- Collaborate with departments to improve security compliance, manage risk and bolster effectiveness
- Ability to train/mentor others in information protection, privacy, audit and compliance techniques and awareness
- Interface with clients and staff with professionalism and an overall positive attitude. A variety of problems will arise and will be dealt with, but senior staff will proactively construct solutions. Negative demeanors are not a fit with the team.
- CISSP, CISM, CISA, GSNA, IRCA ISMS Auditor, IIA CIA, or Certified ISO 27001 Lead Implementer required. Holding one audit and one security certification is the better option.
- Ability to occasionally travel. Our team’s workload is predominantly remote, but for occasional onsite requirements senior staff need to be able to travel to client locations and maintain a good image for the company and team.
- Exceptional assessment and analytical abilities
- Senior-level experience with enterprise information protection, audit, compliance, and privacy. Must be self-motivated and strong at working independently
- Knowledge of network equipment, various operating systems, security and IT support software
- Rich experience in speaking and working with clients remotely and onsite
- Capable of managing multiple projects at once
- Great written and verbal communication
- Comfortable with online collaboration-based workflow. Encrypted chat is used to collaborate with remote colleagues and reports are written as a group in many cases
- General discretion and mature information protection, compliance, audit, and privacy practices are expected
- Understand and review technical configurations
- Ability to perform user awareness training
- Ability to pass a criminal background check
- Competitive salary
- 401k plan
- Full medical and dental benefits
- Performance based bonus
- Full remote, if desired, or work in our NYC headquarters office
- Work on great projects. CipherTechs has fascinating clients and projects that unfortunately cannot be discussed here, but our plate is always full of interesting projects.
- Work for a great company. CipherTechs’ headquarters is two blocks from the NY Stock Exchange, and we host a lot of client and company events. We engage and form friendships with clients, which helps build long-lasting business relationships. CipherTechs founders are very technical and listen to engineering teams. Collaborate with the Blue Team, Red Team, and DFIR. CipherTechs’ sales team sells a lot of different security products, so our lab always has interesting things to attack, evade, and build playbooks against.
- Mobile or Internet expense reimbursement
- Maintain ownership of any published code (your GitHub account belongs to you)
- On-going training and infosec conference opportunities
- Opportunity to speak at CipherTechs technical events and infosec conferences