Jobs

Job List

Are you interested in posting a position with us?  Contact us at president@isacasfl.org to add a position here.

Job Posting-------------------------------------------------------------POSTED 05/09/2022


*Position Title:

IT Internal Auditor

*Location:

 100% Remote

*Position Type:

Full-Time

*Compensation:

Negotiable

*Start Date:

ASAP

 

 

*JOB DESCRIPTION

Job Summary:
Evaluates complex information systems and controls including but not limited to applications, business control processes, change control management procedures, security, networks, and computer and data center operations as part of the Company’s SOX IT and SSAE18 compliance activities.  Will conduct audits and provide assessments of operational, financial, and/or systems across all of ACI's divisions and functions to evaluate the adequacy of internal controls and deliver audit reports that add value to the area audited. The auditor must work well within a team to collaborate with clients both internal and external to the organization.

Job Responsibilities:

·          Support the SOX IT and SSAE18 engagements by developing test procedures based upon a scope of work defined by risk assessment, the existing internal control environment, and current specific control issues to be addressed. Executes internal audits within established business process controls, ensuring all audit timelines are met in accordance with schedule. 

 

·          Hold preliminary discussions of apparent deficiencies with operating personnel to verify and obtain explanations of and reasons for each apparent deficiency and document responses.

 

·          Coordinate the process walk through and controls testing; collect and analyze test results against established controls.

 

·          Obtain, analyze, and appraise evidentiary data as a basis for an informed, objective opinion on the adequacy and effectiveness of control systems, efficiency in the performance of activities, and compliance with any applicable laws and regulations

 

·          Perform other duties as assigned.

 

·          Understand and adhere to all corporate policies to include but not limited to the ACI Code of Business Conduct and Ethics.

 

*JOB REQUIREMENTS

Please provide a description of skill sets and other qualification necessary for applicants.

Travel:

Less than 25%

Education:

Bachelor’s Degree and/or equivalent work experience.

Experience:

·          2+ years related experience in IT Audit, Information Tech, or Systems Mgmt

·          Experience with SOX IT and/or SSAE18 engagements

Preferred Experience, Skills & Knowledge

·          Degree in Information Systems Management, Business Management, Accounting, or equivalent preferred.

·          Familiarity with computer-assisted audit tools and techniques (CAATTs); systems used to automate the audit process, i.e. basic office productivity software and more advanced software packages involving statistical analysis and business intelligence software.

Certification:

Ability to obtain at least one of the following certifications within the first year of employment: CISA, CISM, CRISC, CRMA, CISSP, GCIA, CEH, OSCP, CIA

 

 

CONTACT INFORMATION

Job Reference:

Requisition #4878

*Contact Name:

Laura Flynn

*Method:

Email: Laura.Flynn@ACIWORLDWIDE.com

Website:

www.aciworldwide.com

Apply Online

https://ebwg.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX/requisitions/preview/4878/?keyword=it+auditor&mode=location



Job Posting-------------------------------------------------------------POSTED 05/04/2022

Information Security Auditor

Allentown PA or Sarasota FL | Enterprise Risk Management | Full-time | Fully remote

 

Company Overview:

Andesa Services, Inc is a service and technology company. We are proud to serve the Life Insurance and Annuity industry through custom Software as a Service (SaaS) technology solutions and dedicated business support to end-users such as clients, brokers or policy holders. More information on these services can be found on our website at www.AndesaServices.com.

Andesa was established in 1983 and has locations in Allentown, PA and Sarasota, Fl. We are a 100% employee-owned company via an Employee Stock Ownership Plan (ESOP), which means when you join our team, you will not only become an employee-owner, you will be contributing to and taking part in the success and longevity of the company!

Career Opportunity:

We are currently seeking a driven and eager-to-learn individual to join our team as an Information Security Auditor.  An Information Security Auditor is responsible for the designing, testing, reporting, and maintaining of IT General Controls and Application level controls for Andesa in support of SOC-1/SOC-2/SOC-3 audits and client service level agreements.

 Training Objectives:

  • In the first 30-Days: You will meet with employee-owners across all levels of the organization to better understand your roles and responsibilities with respect to your department, while also gaining insight into the history and culture of Andesa. In your specific role, you will demonstrate proficiency in Microsoft Office, and Atlassian product suite, while gaining an understanding of the SOC and ICQ process, and  the ERMO periodic tasks.
  • In the first 60-Days: You will participate in dissemination and collection of ICQ, review ERMO documents (ISPP, IT Security Governance, Mobile device management) control catalog, and conduct an internal audit.
  • In the first 90-Days: Cultivate professional relationships with ISP Auditors, and Andesa control owners. Participate in developing Quarterly ICQ presentations, client inquiries, and incident reports.

 Primary Job Duties: 

  • Coordinate SOC-1,SOC-2, and SOC-3 reviews with external auditors.
    • Design and execute tests of key IT controls assigned to the Risk Management Office.
    • Assign control activities to “owners” and ensure that they carry out these activities.
    • Educate control owners as appropriate to ensure understanding of controls assigned.
    • Provide a sound basis for the “Management Assertion” in the SOC reports.
    • Respond to client inquires on the SOC2 reports – i.e. testing exceptions, control remediation, etc.
    • Assist external auditors in walk-thru visits of Andesa facilities and in collection of their requested test samples
    • Update SOC report narrative sections each year to ensure it accurately reflects Andesa’s product service offerings
    • Provide a written bridge letter and associated diligence for clients
    • Watermark and distribute the SOC reports to all clients and appropriate third parties
  • Drive the quarterly Internal Control Questionnaire (ICQ) process designed to assess the design and operating effectiveness of existing SOC controls.
    • Provide quarterly report to Senior Staff on the state of IT controls including control deficiencies in need of remediation.
  • Perform annual security training
  • Ensures IT compliance incidents are promptly addressed, documented and resolved; considers implications, makes recommendations and takes appropriate follow-up

 Identify IT controls, assess their design and operational effectiveness, determine risk exposures and develop remediation plans

 Qualifications:

  • Bachelor degree in Auditing, Information Systems or equivalent experience.
  • At least two (2) years relevant work experience (Auditing, IT Controls, etc.) 
  • Appropriate professional certification preferred – e.g., CISA.

 Competencies:

  1. Strong communication skills
  2. Perform security reviews of Andesa’s systems and identify gaps in security architecture
  3. Business Continuity
  4. Review or conduct audits of information technology (IT) programs and projects
  5. Risk Management

 Physical Demands & Work Environment:

  • Physical Demands: While performing the duties of this job, the employee is regularly required to talk or hear. The employee frequently is required to sit/stand for long periods of time; routinely walk; use hands to finger, handle or feel; and reach with hands and arms.
  • Work Environment: This job operates in a professional office environment and routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets and fax machines. The noise level in the work environment is usually moderate.

 Additional Position Information:

  • Employment Status: This is a full-time (40-hours per week), exempt (salaried) position with benefit eligibility.
  • Work Schedule: Hours for this position shall encompass normal business hours to meet the needs our clients. 
  • Location: This position may report from or to our Allentown or Sarasota office in the office, remotely or on an agreed upon hybrid situation. Close proximity to Allentown is preferred. Some travel required.

Equal Opportunity Employer

  • In accordance with the law and in alignment with our values, Andesa seeks to hire talented individuals with diverse backgrounds and experiences to help us achieve our Andesa Forever vision. We are committed to creating a work environment that is inclusive and respectful to all potential and existing employee-owners. Therefore, we do not hire, fire, discipline, promote or make pay decisions based on characteristics that are protected by applicable laws and regulations. Protected classes may include, age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, pregnancy and/or sexual orientation.


Job Posting-------------------------------------------------------------POSTED 04/04/2022


IT Auditor – Staff Level -CISA required- Remote

ABOUT THE JOB:

Perform internal audits of NCCI Holdings, Inc.  These audits are designed to help the organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.  The Information Technology (IT) Auditor specifically identifies and reports on moderately complex IT related risks and controls, predominantly of a technical nature, in accordance with the Institute of Internal Auditors (IAA) Professional Practices Framework and the Information Systems Audit and Control Association (ISACA).  Other duties involve non-IT audits, performing special projects, reviews and investigations as directed by area management and the board of directors.

 

WHAT YOU WILL DO IN THIS POSITION:

  • Identifies, evaluates and reports on moderately complex IT related risks, either as they pertain to the business area audited or as self-contained IT functions.  Internal audit projects are generally conducted by an integrated audit team to provide assessment of both business processes and relevant IT objectives.
  • Assesses business risks and evaluates the effectiveness of controls at the network, operating system, database, and application levels
  • Performs non-IT audits and conduct special reviews of NCCI processes to evaluate and improve the effectiveness of risk management, control, and governance processes
  • Monitors select development projects and initiatives to ensure that significant control objectives are accomplished
  • Assists division management in the implementation of audit recommendations

WHAT YOU MUST BRING TO THE POSITION:

  • A Bachelor's degree in Information Systems, Computer Science, Accounting, Finance or other related field, and one (1) year of experience
  • Certified Information Systems Auditor (CISA) designation is required.
  • In-depth knowledge of internal controls, standards of internal auditing as promulgated by the Institute of Internal Auditors (IIA), IT Governance frameworks such as Cobit5, Center for Internet Security, TeamMate experience, Generally Accepted Accounting Principles, and familiarity with internal control procedures gained through experience. 
  • Proficiency in the use of data analysis software such as using SQL queries, ACL, Power BI, as well as general office software, such as word processing, spreadsheets and flowcharting. 
  • Ability to understand security best practices for Windows and Linux operating systems, network communication, database technology (SQL Server, Oracle), web development tools and ecommerce. 
  • Ability to work independently as well as collaboratively with other audit staff.  Be able to represent the department and NCCI in a professional manner to all levels of technical staff and management. Ability to build working relationships with stakeholders without impairing independence.
  • Excellent critical thinking and analytical skills to discern when audit issues are found on assignments and determine how critical the issues are.
  • Good oral and written communication skills. Good interpersonal skills to discuss audit issues and recommendations in a tactful and professional manner. The ability to discuss audit issues with both technical staff and business management.
  • Ability to be flexible and creative in the approach to complete assignments that vary in nature and scope. Ability to quickly develop an organizational understanding and be able to articulate impact of audit issues to the organization. 


WHAT WOULD MAKE YOU A MORE VIABLE CANDIDATE:

  • Master’s Degree in Information Systems/Computer Science, Accounting, Finance, Business Administration, Data Science, or Cyber Security.
  • 1-3 years of experience in public accounting or internal audit. Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Internal Auditor (CIA), Certified in Risk Mgmt Assurance (CRMA), Certified Fraud Examiner (CFE), or Certified Public Account (CPA), MariaDB experience or insurance experience

WHO WE ARE:

Since 1923, NCCI has been committed to fostering a healthy workers compensation system. We are the nation’s trusted source for accurate, objective workers compensation information. We are the industry leader. At NCCI, we recognize that our employees are the reason our legacy endures today. We’re motivated by the opportunity to do challenging and interesting work, and our Total Rewards package attracts top talent. Our employees care about each other and the communities in which they live and work. Our values of integrity, respect, quality and excellence, responsibility, and commitment, guide our success.

We require a drug screen and background check. EEO / Smoke free environment


To learn more and apply on-line, visit the NCCI career site: https://jobs.ncci.com/




Job Posting-------------------------------------------------------------POSTED 03/30/2022

Sr. IT Internal Auditor job a Chewy in Dania Beach.

Our Opportunity:

Chewy is looking for a Senior IT Internal Auditor to be based in the Dania Beach, FL office and will report to the Head of IT Audit. This position will be responsible for evaluating and making recommendations to ensure that the control environment adequately safeguards the company's assets, both business and infrastructure related, and ensuring that the electronic information is complete, reliable, and adequately secured. The Sr IT Internal Auditor will also make recommendations to improve the efficiency, security and effectiveness of internal controls and operating processes in the corporate IT department, as well as compliance with government and industry regulations utilizing the industry frameworks. The role requires the person to be able to build good working relationships with process owners and management, communicating effectively and timely, and be able to multitask when required.

What You'll Do:

  • Work in a fast-evolving IT environment and able to keep up with understanding new risks and challenges
  • Independently and proactively helps plan, perform, and report on assigned audit engagements related to Cyber, Privacy, IT SOX and operational audits
  • Perform interviews, conduct fieldwork, and develop audit work papers to support findings and recommendations
  • Evaluate the adequacy and effectiveness of internal controls and compliance with corporate policies and procedures
  • Appropriately plan and execute audits in accordance with the department’s policies and procedures and agile audit framework, including prioritizing work areas, monitoring progress and ensuring a timely review to meet audit objectives within the scheduled time frame
  • Perform risk-based audit testing, root cause analysis, and prepare audit work-papers as per Chewy Internal Audit department and IIA Standards
  • Work with audit leaders to identify technology control risks to improve process effectiveness
  • Support the development of action plans and communicate recommendations to management
  • Communicate with co-workers, management, customers and others in a courteous and professional manner
  • Build and maintain ongoing trusted relationships with key Chewy personnel
  • Consult with the Company's external auditors and provide assistance as needed during the financial and internal control audit processes
  • Execute special projects and process improvements on ad-hoc basis

What You'll Need:

  • BA/BS in Information Systems, Computer Science, Accounting or a related field
  • Experience with Cybersecurity, including working knowledge of security and technology frameworks (i.e. NIST, ISO, COBIT 5)
  • Solid understanding of IT SOX and internal controls
  • Good understanding of IT General Computing Controls, Technology Infrastructures, and/or Business Application design. Knowledge of information technology frameworks and industry best practices
  • Strong process analysis, risk and control identification, and problem-solving skills
  • Strong analytical, project management and organizational skills
  • Ability to work on multiple projects under tight time constraints
  • Ability to deal with imperfect information and ambiguity
  • Ability to network and collaborate cross-functionally
  • Minimum of 3 - 5 years of relevant experience
  • Prior experience with a Big 4 accounting firm preferred, not required
  • CISSP, CISM, CISA or other applicable professional certifications OR certification in-progress
  • Ability to manage and deliver projects within budget, on time and of high quality
  • Preference for a fast-paced environment and the ability to display flexibility and focus under pressure
  • A Team-player and relationship-builder attitude
  • Position may require travel


For more info, or to apply:  https://careers.chewy.com/us/en/job/3967112/Sr-IT-Internal-Auditor

Job Posting-------------------------------------------------------------POSTED 03/20/2022

Candidates can apply directly via our website www.thebreakers.com/careers - Technology Services. Should they require assistance for completing an application or have questions, our HR office can be reached at 561-653-6649 x7000.

The Network Security Manager is responsible for the management of technology security resources including the ongoing monitoring of company network threats and related reporting. Responsibilities include staying informed of emerging threat landscapes, mitigation of system vulnerability, and working with Information Technology teams to implement end-to-end security infrastructure.

Responsibilities will also include, however, not be limited to, the following:
  • Manage compliance reporting for PCI Data Card standards
  • Through collaboration with a qualified security assessor, complete quarterly and annual internal and external vulnerability assessments and penetration testing to assess the security of the network
  • Manage firewall, including spam administration
  • Act as the first responder for SIEM alerts and notifications
  • Execute and report results of phishing campaigns
  • Conduct company-wide security awareness training
  • Assess security technology and in-use programs to make recommendations for improvements
  • Lead incident response training

Requirements:
  • CISSP or CISA Certification
  • Experience with managing security providers and vendor programs
  • Experience with managing vulnerability assessments and performing mitigation of findings
  • Knowledge of enterprise risk management, with understanding of cyber threats and vulnerabilities
  • Proven leadership ability with managing a team consisting of internal and external resources
  • Must be collaborative and possess ability to communicate across a multi-disciplined audience
  • Project management experience preferred

The Breakers is a purpose-driven, family-owned organization that embraces the value of each one of its team members. The well-being of our team, our community, and the environment remain central to our culture as a conscientious corporate citizen. As a certified Great Place To Work® and a 100 Best Workplace for Diversity, we offer a culture of caring, competitive compensation, and a robust benefits package. Looking forward to meeting you!

Job Posting-------------------------------------------------------------POSTED 11/4/2021

Overview

JM Family Enterprises, Inc. is one of the largest, most innovative and diversified companies in the automotive industry. JM Family has been on Fortune Magazine's Best Companies to Work For for 23 consecutive years. What started with Jim Moran's passion for selling cars continues today with the dedication and hard work of every JM Family associate. Our principal businesses focus on vehicle distribution and processing, finance and insurance, retail vehicle sales, and dealer technology services. At JM Family, our mission is to be the premier provider of quality products and services. We accomplish this mission by adhering to our core values, the three C’s, the I and the A: Consideration, Cooperation, Communication, Innovation, and Accountability.

Job Description

JM Family is seeking a Lead IT Auditor at our corporate headquarters in Deerfield Beach, FL. This role is a great opportunity for someone who is an experienced IT auditor. In this role you will execute internal audits for IT and other business units as well as integrated IT/process reviews and consultations. A Lead Auditor must have extensive audit experience with specialized depth and / or breadth of expertise in IT auditing. This position conducts internal audits under the general direction of Internal Audit Management and in compliance with audit standards, schedules, and any related statutes. This position creates work programs and may train and assign work to less experienced team members, reviewing work activities and job performance, and counseling subordinates on the conduct of audit work. A Lead Auditor is recognized by business partners as having specialized expertise and recommends standards and long-term goals for the areas audited, as well as methods to improve the operational efficiency of audits. This position may handle sensitive, unusual or complex audits where a broader knowledge of auditing is required. A Lead Auditor is able to work independently and take a broad perspective to identify solutions, requiring guidance only in the most complex situations. This position may conduct preliminary reviews of audit reports completed by less experienced team members and approves or makes recommendations to management. This position requires a professional with a degree, a professional internal audit or related qualification, and at least 5 years of experience.

 

Under direction of Internal Audit Management, and in accordance with the JM Family Enterprises, Inc. (“JMFE”) Internal Audit Group Charter, Audit Leads will be responsible for Third Line of Defense activities, including the execution of the JMFE audit plan.

 

Responsibilities include, but are not limited to:

  • Regular communication / networking with associates at multiple levels throughout the organization for the purpose of ongoing relationship building to facilitate audit work and continuous risk assessment, monitoring, and information gathering.
  • At the direction of Internal Audit Management, assist in the completion of the risk assessment process.  This includes collaboration with associates in the Second Line and First Line of Defense, conducting interviews, assessing risks identified, and helping develop and present the annual audit plan to Senior Management.
  • Planning and conducting audits as assigned by Internal Audit Management and according to internal audit procedures. This includes:
    • Maintaining independence and objectivity as described in the JMFE Internal Audit Group Charter in order to be able to evaluate the effectiveness of governance, risk management and control processes.
    • Leading and coordinating assigned audits and/or projects to ensure timely completion.
    • Executing audit planning based on audit objectives. Gather information to identify high/critical risks. Document walk-through procedures and identify key controls and control gaps in either a flowchart or narrative form as appropriate.  Develop and present the Risk and Controls Matrix (“RCM”) to Internal Audit Management to facilitate testing.
    • Conducting Fieldwork procedures as guided by the RCM. This will include determining the population and sample size for testing and creating test attributes to determine if controls are operating and functioning as designed.
    • Documenting test work, audit findings, and conclusions with associated business risks and making recommendations to enhance internal controls and/or identify opportunities for improved efficiencies.
    • Presenting audit findings and recommendations to all levels of management.
    • Obtaining responses to the audit findings and ensuring the responses address the identified control/process deficiencies.
    • Preparing audit reports and other management communications (e.g., Audit Committee presentation slides) that summarize and rank the audit findings and recommendations as well as associated business risks.
  • Perform periodic follow-up on audit findings with the business to ensure that all management action plans have been completed timely.
  • Build effective working relationships with co-source partners when assigned to co-sourced engagements. This includes acting as the liaison between the co-source partner and business area auditee, assisting in scheduling meetings with the auditee and ensuring that co-source partners receive adequate cooperation and information from the business for them to perform their audit in a timely manner. In addition, meeting periodically with co-source partner to discuss progress, updating Internal Audit Management and assisting in review of the final audit report or other deliverables.  Ensure established vendor management procedures for the department are followed.
  • Ability to prioritize and work on multiple concurrent audits and projects as requested.
  • Complete administrative responsibilities as requested or assigned by Internal Audit Management (e.g., time reporting, system user access reviews, records retention activities).

Competencies of a Lead Auditor:

  • In addition to the tasks listed above, a Lead Auditor is expected to exhibit the competencies of a professional auditor outlined in the IIA’s Global Internal Audit Competency Framework.  These competencies encompass personal skills such as, communication, critical thinking, persuasion and collaboration, as well as technical expertise, including those highlighted by the IIA Professional Practices Framework such as: business acumen, governance, risks and control.   

Job Requirements

About You:

  • Bachelor’s degree in Computer Information Systems, Accounting, or similar major preferred.  Master’s degree a plus.
  • Active CISA required as well as CPA, CIA or related certification preferred.
  • Minimum five years of IT auditing in public accounting, internal audit, or equivalent work experience required.
  • Demonstrated knowledge of the audit field, and a broad expertise in information technology auditing, including the areas of application controls, asset management, change management, data privacy, data protection, disaster recovery and business continuity, logical security, network security, and vulnerability management.
  • Understanding of the COBIT, NIST, COSO, and/or COSO ERM frameworks.
  • Knowledge of key IT risks, controls, and ability to use technology-based audit techniques. Demonstrated knowledge of project management skills.
  • Strong process analysis, risk and control identification and problem-solving skills
  • Excellent computer skills with emphasis on Microsoft Excel, Word, Power Point, Visio and ACL. Experience with TeamMate or other audit management systems a plus.
  • Experience with data analytics, including related software applications, such as ACL or Power BI, is a plus.
  • Self-motivated with strong leadership skills and ability to make decisions independently.
  • Ability to work both independently and as part of a team.
  • Professional demeanor and ability to work effectively with all levels of management and maintain strict confidentiality.
  • Must possess strong analytical abilities as well as strong verbal and written communication skills.
  • Ability to travel when required.


Job Posting-------------------------------------------------------------POSTED 08/17/2021

 

Principal Engineer - Cloud Security Technology Operations - Telecommute

 

Cloud Professionals - don't miss this opportunity to join U.S. Bank and WFH; apply at the link provided below!

Be part of something big, a place where you're challenged to be your best. 

Where integrity matters and success inspires, where great people collaborate, innovate, and give back. 

Where you feel included, valued, and proud. 

Apply now at:
https://lnkd.in/eZb93gm6
 
#cybersecurity #cloudsecurity #Cloud #usbank #usbanklife #careers #security #cloud #opportunity2021 #WFH



Job Posting-------------------------------------------------------------POSTED 07/26/2021

Greenberg Traurig, a global law firm, currently has excellent full-time employment opportunities for IT Risk and Compliance Analyst in our Doral, Phoenix, Austin, Salt Lake City, Miami, Dallas, Tallahassee and Atlanta offices.  We offer competitive compensation and an excellent benefits package.

Position Summary:

The IT Risk and Compliance Analyst will provide administrative and technical assistance in the ongoing design, development, and management of the firms’ Information Security Program. This position will primarily assist in developing, monitoring, and enforcing information security practices and controls to ensure information and computing assets are kept secure from unauthorized access and inappropriate alteration.

Duties & Responsibilities:

  • Complete vendor risk assessments submitted to GT by clients and prospective clients.
  • Respond to client Requests for Proposals (RFPs) and questionnaires related to security.
  • Perform information security due diligence on third party vendors to determine the effectiveness of their controls to protect the firm’s data, identify any discrepancies and escalate all issues to management.
  • Develop, implement, assign, and monitor third party vendor assessments
  • Execute and document assessment activities following established processes and procedures.
  • Perform third party online reviews to assess their current information security posture and practices.
  • Improve existing questionnaire response process
  • Keep abreast of regulatory and compliance related information to enhance the third-party due diligence program.
  • Collaborate with team members to create and update documents and presentations that can be used to inform internal employees, external auditors or internal auditors about the Firm’s Information Security third party program.
  • Contribute to the continuous improvement, including automation where possible, of all aspects of the Information Security Program based on expert knowledge, industry best practices, business objectives and risk tolerance, keeping the program relevant and in alignment with the business objectives.
  • Provide threat notification to third party vendors
  • Track vendor mitigation progress of identified threats
  • Assist in development, implementation, monitoring and support of access control, data confidentiality, system integrity, system reliability, system audit and recovery controls.
  • Coordinate, execute, and provide support with Information Security & Business projects.
  • Develop and update security policies, procedures, and best practices.
  • Assist in the management & monitoring of the firm’s Information Security Program.
  • Collaborate with other departments to resolve security related issues and incidents.
  • Collaborate with other business units to ensure compliance to standards and policies.
  • Perform penetration tests, application & vulnerability assessment scans.
  • Actively participate in outside Information Security communities.
  • Conduct security research and knowledge of current security events in order to keep abreast of latest issues.
  • Assist in the development, management & maintenance of the Information Security Awareness Program.
  • Identify Information Security & Business Continuity risks to senior management & make recommendations for corrective actions/mitigation of risks.
  • Perform other related duties as required / assigned.

Skills & Competencies:

  • Understanding of information security (IS) concepts, IT, information security awareness and third-party risk management processes, methodologies, and practices.
  • Proficient knowledge of third-party related regulatory policies.
  • Experience working with compliance issues dealing with sensitive data preferred.
  • Working knowledge of operating systems, web applications, penetration testing, anti-spam solutions, web content filtering solutions, threat analysis, risk, and vulnerabilities.
  • Ability to use the following security systems: vulnerability scanners, data loss prevention (DLP), and log management tools.
  • Working knowledge of core security concepts such as encryption, DLP, patch management, configuration management, vendor risk management, and vulnerability assessments.
  • Ability to investigate security incidents using all available tools, logs, and coordination with various IT groups.
  • Demonstrate strong customer service skills to ensure a smooth data collection experience for both our customers and our internal business unit partners
  • Excellent written & verbal communication skills.
  • Must be available in an on-call status 365/24/7.
  • Must be able to work independently without direct supervision at times.
  • Must be able to take own initiative.

Qualifications & Prior Experience:

  • Bachelor’s degree in information security related field required; or 3+ years of work experience in relevant information security position in lieu of degree.
  • 1-3 years of experience in implementing and/or supporting IT risk management processes.
  • 1-3 years of experience in responding to vendor risk assessments submitted
  • 1-2 years of experience with DLP and SIEM systems
  • Knowledge of risk assessment/management tools
  • Multi-year experience in Information Security
  • IT security related certificates (e.g. Security+, CRISC, CISA, CRCP, SSCP/CISSP) preferred



Job Posting-------------------------------------------------------------POSTED 06/21/2021


IT Security Architect

As a senior member of Information Security team this enterprise-wide role is integral in defining and assessing the organization's security strategy, architecture and practices. The enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services, evaluate and incorporate emerging technologies and evaluate changes to the threat landscapes. Interacts with senior leaders across the enterprise and acts as a trusted senior advisor. 

  • Develop and maintain a security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
  • Validate IT infrastructure and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
  • • Develop security strategy plans and roadmaps based on sound enterprise architecture practices
  • Develop and maintain security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
  • Track developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
  • Participate in application and infrastructure projects to provide security-planning advice
  • Assist in the development of security technology standards and patterns that will be utilized within the environment
  • Validate security configurations and access to security infrastructure tools, including firewalls, IPSs, WAFs and anti-malware/endpoint protection
  • Review network segmentation to ensure least privilege for network access
  • Liaise with the Third Party Risk Management (TPRM) team to conduct security assessments of existing and prospective vendors
  • Liaise with the IT Security GRC team to review and evaluate the design and operational effectiveness of security-related controls
  • Support the testing and validation of internal security controls
  • Review security technologies, tools and services, and make recommendations to the broader security team for their use, based on security, financial and operational metrics

Education:


  • A minimum of 7-10 years of experience in a related field or equivalent experience in the
  • Strong oral and presentation skills
  • In-depth knowledge of cybersecurity frameworks  including  but  not  limited to NIST CF, HITRUST CSF, ISO 27001
  • Strong knowledge of laws and regulations including but not limited to PCI­ DSS, HIPAA-HITECH
  • Experience in using architecture methodologies such as SABSA, Zachman, or TOGAF
  • Direct, hands-on experience or strong working knowledge of managing security infrastructure g., firewalls, intrusion prevention systems (IPSs), web application firewalls (>NAFs), endpoint protection, SIEM and log management technology
  • Strong working knowledge of vulnerability management practices and tool
  • Direct experience designing 1AM technologies and services such as AD, LDAP, and/or AWS 1AM
  • Strong working knowledge of IT service management- lTIL related services

- Change management, Configuration management, Asset management, · Incident management, Problem management, etc.

  • Experience designing and securing applications and infrastructures in cloud environments such as AWS and/or Azure
  • Bachelor's degree in Computer Science or related field or equivalent experience required
  • Multiple certifications preferred

Marlene Eskenazie
Founder - Executive Recruiter

ETC Search, Inc.
1160 Third Avenue
Suite 10H
New York, NY 10065
Tel: 212-371-3880
marlene@etcsearch.com



Job Posting-------------------------------------------------------------POSTED 05/12/2021

Royal Caribbean Group is in search of a Lead, IS Risk Assessments within the GIS department to supervise the evaluation and management of risk involving systems and applications.

The goal of the IS Risk Assessment program is to create and manage an automated, auditable, repeatable, and demonstrable program to manage information security risk to Royal Caribbean Group information assets.

This position assesses the risk of the group's applications and systems using structured interview processes, questionnaires, and review of security, compliance, and data protection documentation.

Essential Duties and Responsibilities:

  • Supervise the IS risk assessment program intake, assessment, remediation, and risk treatment processes
  • Create and introduce advanced processes and methodologies of IS risk assessments
  • Improve IS risk management processes based on changing requirements.
  • Lead discussions on the history and future perspective of IS risk assessment programs
  • Lead the establishment of organizational IS risk management policies.
  • Analyze application and system controls, documentation, and settings to identify information security risks to RCG
  • Predict security issues and their potential impact on customer operations.
  • Ensure potential information security and regulatory compliance risks (such as Sarbanes-Oxley (SOX), Payment Card Industry Data Security Standard (PCI-DSS), etc.) associated with systems and applications are examined thoroughly, documented, communicated, treated, and monitored
  • Create enterprise-wide systems and practices for securing information
  • Collaborate with RCG business sponsors, technology departments, and third parties (where applicable) to communicate requirements, initiate, conduct, and complete risk assessments in a timely manner
  • Interact and collaborate with key personnel in various departments including, but not limited to, Procurement, technology departments, Legal, Crisis Management, Compliance and Ethics, Human Resources, Internal Audit, etc
  • Manage and assist in developing and onboarding IS risk assessment tools, templates, and associated processes to provide transparent reporting on activities and portfolio management.
  • Participate in established project management office (PMO) protocols to integrate IS risk assessment requirements (initiation, planning, analysis, design, build, test, deploy, closeout, etc.)
  • Performance of other duties and responsibilities as assigned

Qualifications, Knowledge, and Skills:

  • Bachelor's in IT / IS, Computer Science, or related discipline is preferred. Non-technical degrees with Computer Science fundamentals will be considered combined with technology experience
  • At least one Information Security certification such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), etc. required
  • 5 years of IT / IS Risk experience
  • Demonstrated experience in performing audit / compliance assessments.
  • Experience with internal project consulting to provide compliance and security requirements and guidance
  • Significant experience in SOX, PCI-DSS, Global Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and other regulatory compliance requirements and controls
  • Superior written and verbal communication skills required
  • Display sound judgement with a high level of integrity, ethics, and ability to calmly, diplomatically, and effectively handle stressful situations.
  • Ability to formulate and communicate exceptions / findings and technical solutions
  • Proven ability to collaborate with technical and business peers.
  • Demonstrate a degree of creativity with strong, analytical problem-solving skills
  • Self-starter able to perform assessments with minimal guidance.
  • Strong with methodologies, tools, best practices and processes related to IS risk assessments
  • Ability to work in a fast-paced environment with multiple active projects at one time
  • Exceptional work ethic and organization skills with a detail oriented approach
  • Excellent verbal, presentation, and written communication skills for both technical and non-technical audiences
  • High familiarity with ISO27001/2, NIST, FISMA, PCI-DSS, and other industry standards and frameworks
  • Fast-paced, fluid, open, and innovative work environment.
  • Requires flexibility and exceptional interpersonal relationship skills.
  • Requires up to 20% local travel to meet with internal and/or external RCG business partners.
  • Requires up to 10% international travel to RCG internal offices and/or RCG ships.

Apply today:  https://www.linkedin.com/jobs/view/2494258844/?refId=0H1O4LNvRJy7kTG5kvi1NA%3D%3D


Job Posting-------------------------------------------------------------POSTED 05/12/2021


The Florida Department of Transportation’s Office of Inspector General is looking for a talented professional to join our team in Tallahassee.  This position will be reporting to the Performance and Information Technology Audit unit. 

 

 

As the Sr IT Auditor, your responsibilities will include: 

 

  • Coordinates and conducts audits (primarily information technology related), special projects, and reviews of department operations, programs and controls, in compliance with professional and office standards, to promote accountability, integrity and process improvement in the department.  Conducts reviews regarding the management of information technology as well as the technical and functional adequacy of information systems specifications, operations, controls and security in compliance with professional and office standards.  Develops assignment scopes, methodologies, and audit programs.  Prepares, researches and designs evaluations of programs, systems, controls, policies, procedures and other functions using audit and analytical techniques.  Analyzes supporting evidence, draws logical conclusions and develops appropriate findings and recommendations.  When assigned as team leader by the supervisor, organizes and facilitates the work of other team members to ensure the successful completion of the assignment. Also, mentor and help train new audit staff.

 

  • Prepares thorough, complete and accurate documentation of work performed.   Prepares oral and written briefings.  Prepares draft and final reports. 

 

  • Coordinates and conducts defensible data acquisition and analysis using appropriate evidence and computer forensic techniques. Analyzes supporting evidence, draws logical conclusions and develops appropriate findings and recommendations.

 

  • Maintains knowledge and proficiency in information system technology and techniques.

 

  • Performs procedure reviews.

 

(The link below outlines additional duties and responsibilities)

 

Position Summary

Position: Sr IT Auditor (Computer Audit Analyst- SES)

Anticipated Annual Hiring Salary: $60,770.06

Closing Date: 05/19/2021

Location: Tallahassee, FL

 

 

Select the link below to see the complete job posting and to apply:

Position 55000743  Sr IT Auditor – Performance and Information Technology Section

 

To learn more about the FDOT OIG:

http://www.fdot.gov/ig/



Job Posting-------------------------------------------------------------POSTED 05/12/2021


Varonis, a global leader in data security software is looking to hire a Sales Engineer in South Florida. Applicants should visit https://info.varonis.com/careers?p=job/omYdffww to apply.

 

Summary

The Sales Engineer is responsible for assisting a Sales Representative and Partners with the technical sales activities in net-new and pre-existing opportunities.

 

The Varonis Sales Engineer will be aligned with a local Sales Representative. The goal will be to deliver the technical value of the Varonis product to the end-user. As a team, the goal will be to build a strong business justification to the end-user, while ensuring that the given annual quota is met/exceeded.

 

Responsibilities

  • Understand customer requirements and integrate Varonis solutions into the customers’ environment.
  • Deliver sales presentations, present technical information about Varonis’ products and services, and conduct product demonstrations.
  • Manage all phases of product evaluations including installations, presenting at seminars, responding to RFP’s and RFI’s and the technical development of Varonis Partners.
  • Ability to work independently and team collaboratively in a fast-paced environment.
  • Ability to articulate the importance of Data Governance and evangelize Varonis as the leader in the Data Governance market to end-users of all levels.
  • Percent of travel varies by territory.

 

Requirements

  • Bachelor’s Degree or equivalent from a four-year College or Technical School AND 3-5 years of experience in a customer facing role OR equivalent combination or education and experience.
  • Strong written, oral, and presentation skills.
  • Ability to discuss highly technical concepts to all audiences, ranging from non-technical to executive level technical decision makers.
  • Extensive knowledge of Active Directory and related Directory services.
  • Extensive knowledge of Windows and Unix File systems.
  • Exposure to security hardware and software.
  • Exposure to Microsoft O365/Exchange and cloud platforms preferably in a systems administration role.
  • MCSE, MCP Microsoft Certifications are preferred.

 

Competencies

To perform this job successfully, an individual should demonstrate the following competencies:

  • Analytical: Collects and researches data; designs workflows and procedures; identifies data relationships and dependencies; synthesizes complex or diverse information; uses intuition and experience to complement data.
  • Technical Skills: Assesses own strengths and weaknesses; strives to continuously build knowledge and skills; shares expertise with others.
  • Sense of Urgency: Displays a matter of utmost urgency; understands the importance of making critical business decision in a timely manner with strong attention to detail; realization that efficiency and prioritization is critical to success.
  • Customer Service: Manages difficult or emotional customer situations; meets commitments; responds promptly to customer needs; solicits customer feedback to improve service.
  • Problem Solving: Identifies and resolves problems in a timely manner; gathers and analyzes information skillfully; develops alternative solutions.
  • Written Communications: Edits work for spelling and grammar; presents numerical data effectively; varies writing style to meet needs; writes clearly and informatively.
  • Oral Communication: Demonstrates group presentation skills; listens and gets clarification; responds well to questions; speaks clearly and persuasively.
  • Adaptability: Adapts to changes in the work environment; manages competing demands; changes approach or method to best fit the situation; able to deal with frequent change, delays, or unexpected events.
  • Planning/Organizing: Prioritizes and plans work activities; uses time efficiently; plans for additional resources; sets goals and objectives; develops realistic action plans.