Stetson Cybergroup

IT Auditor

Location: Hauppauge, NY

Job Description

The Stetson Cybergroup is a team of IT industry veterans who have dedicated our attention to one of the most important aspects of IT support needed today—cyber security. Because we are far from new to the IT field, we are aware of the risks businesses face and fully understand what is at stake.

We are building our Audit team and we are looking to add an IT Auditor to our team. Our Audit team works with our clients to make a more risk-aware, effective IT organization that can deliver transformational business change and meet regulatory compliance requirements.

Reporting to the Director of Audit, the IT Auditor will be responsible for assisting with the execution of various engagement objectives within assigned areas. The ideal candidate is a team player who exhibits initiative, accepts responsibility, communicates effectively, and manages multiple concurrent assignments of varying sizes and complexity. The IT Auditor enjoys flexibility, meaningful and diverse client work, and a supportive and innovative work environment.

Essential Duties and Responsibilities:
  • Conduct IT and cybersecurity audits and investigations of complex information technology including evaluating whether security vulnerabilities are properly identified and mitigated,
  • Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance,
  • Perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems,
  • Prepare and examine technical assessment findings and assist in the development of IT and cybersecurity audit plans and programs,
  • Conduct operational, compliance, financial and investigative audits, as assigned,
  • Conduct fieldwork to gather and/or verify information and ensure all procedures and testing necessary to meet audit objectives are completed,
  • Conduct tests of internal controls for audits and investigations of IT, cybersecurity, telecommunications, and other technical services related projects,
  • Prepare audit finding memos and recommendations, and working papers to ensure that adequate documentation exists to support the completed audit and conclusions,
  • Prepare and present written and oral reports and other technical information in a pertinent, concise, and accurate manner for distribution to management and clients,
  • Follow up on audit recommendations to ensure that corrective action(s) are taken,
  • Develop and implement tools to analyze data and improve audit efficiency and effectiveness,
  • Maintain currency of knowledge with respect to relevant state-of-the-art technology, equipment, and/or systems,
  • Perform miscellaneous job-related duties as assigned, with an understanding of business and system processes,
  • Work effectively as part of a team atmosphere, or individually when required, to perform duties and achieve daily operational goals.

Minimum Qualifications
Any combination of the following:
  • Bachelor’s degree from an accredited college, including or supplemented by twenty-four (24) semester credits in cybersecurity, network security, computer science, computer programming, computer engineering, information technology, information science, information systems management, network administration, or a pertinent scientific, technical or related area; and/or
  • Two (2) years of experience as an IT Auditor; and/or
  • Professional designation in, or ability to begin or complete a program to achieve, one or more of the following certifications:
      o Certified Information Systems Auditor (CISA)
      o Certified Information Systems Security Professional (CISSP)
      o Certified in Risk and Information Systems Control (CRISC)
      o Certified in the Governance of Enterprise IT (CGEIT)
      o CSX® Cybersecurity Practitioner Certification (CSX-P)
      o Certified Information Security Manager (CISM)
      o CompTIA Security+
      o Certified Internal Auditor (CIA)

Preferred Skills
  • Working knowledge of cybersecurity frameworks including the National Institute of Standards and Technology Cybersecurity Framework (NIST-CSF) and Center for Internet Security controls (CIS), COBIT, PCI-DSS, HIPAA, Sarbanes-Oxley PII, ITIL, ISO 27001 and 27002, COSO principles or other information security frameworks,
  • Knowledge of the current cyber threat landscape, with a specific focus on the technical aspects of adversarial Tactics, Techniques and Procedures (TTPs) and their relation to the cyber kill chain and other analytical models,
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and information privacy,
  • Experience with IT audits, assessment of IT risks and controls, information security and cybersecurity, systems implementation, and systems architecture,
  • Knowledge of IT controls and evaluating the design and operating effectiveness of controls,
  • Knowledge of Cloud Environments and Supply Chain Vendors,
  • Understanding of IT departments, applications, system infrastructure, network layer, and security,
  • Proficiency in basic PC applications (MS Excel, Word, PowerPoint, and Visio), and Microsoft Networking including Active Directory and Group Policy,
  • Developed interpersonal and written communications skills, including the ability to communicate effectively with both technical and non-technical audiences.

    For consideration, kindly send your resume to Chelsea Perruso (