Austin, TX
3 to 6 years of Information Systems Security experience required. IT Audit experience and Cybersecurity Certification a big plus. This is not a remote position. Some international travel required. Relocation paid.
The primary function of the ISA is to analyze and report on the effectiveness of, and adherence to, the practices, policies, and procedures of the company’s information security risk and audit compliance programs. This role will work closely with IT leadership and representatives across the organization in implementing ongoing improvements to the company’s security and audit posture across a large suite of enterprise systems.
Key Responsibilities and Accountabilities
- Work with various members of the organization to document, maintain and analyze compliance with IT controls, standard procedures and policies
- Assist in periodic information risk assessments and audits to ensure that information systems are adequately protected to meet security objectives
- Assist in collecting security-related evidence for external audits
- Provide subject matter expertise during IT security incident response
- Support IT security inquiries from clients and customers
- Assist in the review of vendor IT security programs and controls
- Assist in tracking and maintenance of action plans for the resolution of issues identified during assessments and audits. Provide needed assistance with the execution of those remediation plans.
- Respond to incoming requests from external and internal parties for information concerning the company’s information security practices
- Ensure authorized access by investigating improper access; revoking access; reporting violations; monitoring information requests by new programming; recommending improvements
- Work closely with IT Leadership to establish computer and physical security by developing standards, policies, and procedures; coordinating with facilities security; recommending improvements
- Promote security awareness by providing orientation, educational programs, and on-going communication
- Advise on risk levels and security posture through a risk management framework
- Identify business processes requiring information security integration
- Support the design and execution of security exercises
- Ensure security policies are aligned with other governing policies
- Participate on the company’s Cyber Security Risk Committee
Key Characteristics, Competences and Skills
- Analytical mindset to be able to make sound recommendations on Operational Risk issues
- Technical knowledge of IT security theory, technologies, policies, and practices.
- Excellent communication, networking, and presentation skills
- Demonstrated ability to effectively negotiate or mediate issues
- Strong written communication, documentation, and analytical reporting skills.
- Moderate to expert use of Microsoft Visio and other Microsoft Office applications
- Experience with information protection, security, risk and compliance related matters
- Has some IT audit experience in gathering artifacts
- Minimal travel; both national & international
- Problem solving and conflict resolution capabilities
- Ability to develop effective working relationships across all levels of business discipline throughout the organization.
Knowledge and Experience
- Strong knowledge of NIST (800-53, CSF) and other information security frameworks helpful
- Strong knowledge of information security processes and tools
- Able to manage multiple priorities and work well under pressure.
- Knowledge of data privacy regulations is a plus.
- Bachelor’s degree in Information Systems, related field or working experience.
- Minimum of 3 years’ experience within Information Security Systems and Administration.
- Preferred (not mandatory) cybersecurity certification (CISSP, CISM, CISA, CompTIA Security+, etc.)