Cyber Security Auditor

Job Title: Cyber security Auditors
Experience 5-10 Years.
Location:  New York, NY 10036 

• Conduct technology audits, in addition to focused areas of cybersecurity such as digital forensics, threat intelligence or penetration testing as well as more general IT process reviews within cybersecurity. 
• Provide security requirements during planning sessions, functional and technical requirement sessions, user story creation and grooming, and technical design based on identified risks.
• Determine if any compensating controls are necessary due to inability to comply with the primary control requirements
• Participate in all aspects of audit activities including risk assessments, planning, testing, control evaluation, work paper documentation, report drafting, issue clearance with cybersecurity and access management stakeholders, and follow-up/verification of issue closure
• Performing vulnerability and/or penetration tests on clients’ environment
• Complete, present to Security management, and business sponsors a risk assessment evaluation articulating risk and impact analysis when security controls cannot be met by an initiative to ensure transparency and appropriate level of acceptance.
• Designing and executing risk-based audit programs, in order to assess the design and effectiveness of key technology and/or security controls for critical systems and processes.
• Identifying areas for improvement and control gaps, and evaluating their significance and potential business impact.
• Presenting practical, informed and concise recommendations to senior leaders, developing action plans and preparing written audit reports to document findings.
• Collaborating with and educating process owners of the importance of a strong system of internal controls.

 Skills:

• Solid understanding of enterprise cyber security with experience of designing, operating or managing security solutions and controls within a complex global network. 
• Considerable knowledge and understanding of common cyber security technology tools such as firewalls, IDPS, DLP, Network access control, DDOS Mitigation, Anti-Malware, Anti-Virus, encryption and authentication. 
• A robust understanding of IT and Information Security risk mitigation control processes such as vulnerability and threat management, patch management, penetration testing / red teaming / cyber-attack simulation. 
• Knowledge of industry standards/regulations (ISO, NIST, PCI-DSS, PSD2, GDPR, NIS). 
  Experience of managing cyber, IT or Information Security controls.
• Hands on Experience with technology infrastructure risk and controls, including administration of Network, O/S (Windows or Linux/Unix), Cloud, Database, Mainframe, and/or Middleware security control reviews 
• Knowledge of information security controls, infrastructure technology, technology governance and assessments, ethical hacking / cyber security tools and toolsets e.g. Qualys, Kali, Backtrack, Net hunter, Bloodhound etc.