Information Security Auditor
Are you passionate about driving data privacy and confidentiality through an organization? Do you want to work with and learn about the Information Security requirements within a global organization with a multi-vertical focus including finance and healthcare? If so, Clarabridge is the place for you. We are seeking an Information Security Auditor to join a highly successful team within a fast-paced growth company.
The Information Security Auditor is a multi-faceted person responsible for audit, compliance and privacy activities and may augment and/or perform penetration testing, ensuring administrative, physical and technical safeguards for data protection. Incumbent must possess an excitement for ensuring organizational processes map to policy, regulatory, and industry best practices for data protection and privacy, while showing value to others about this important but often feared organizational imperative. The auditor shall perform internal audits and oversee or assist with handling inquiries from external auditors and assessment, as well as analyzing results and developing remediation reports. Additional duties include reviewing and contributing to defining, authoring, implementing, and modifying security policies and procedures to address regulatory, compliance, security, and privacy requirements, standards (ISO, HIPAA, SOC, etc.) and changes.
What you'll do:
The Information Security Auditor reports to the Director, Information Security and has the following responsibilities:
- Developing and executing audits to find gaps in software, configurations, policies, procedures, and processes.
- Cataloging internal and external audit results and communicating findings, including recommendations, to key stakeholders.
- Applying expertise and contributing to multiple complex activities in support of audits, penetration testing, security operations, applications, platforms, operating systems, corporate policies, and procedures and compliance.
- Developing metrics and reporting key risk indicators.
- Designing and performing IT and infrastructure audits related to information security policy, regulations, governance, and other security-related provisions and best practices.
- Managing and coordinating audit-related activities with internal stakeholders and external auditors, and validating contractual obligations to ensure compliance.
- Actively tracking and communicating constraints, conflicts, or gaps in existing processes, as well as tracking cross-functional team remediation.
- Monitoring and tracking best practices and emerging compliance changes/impacts for continuous improvement opportunities.
This position requires or prefers the following competencies:
- Bachelor’s degree with at least three years of experience, or associate’s degree with five years of experience, preferred. Degree in Information Assurance, Computer Science, Information Security, or other IT/security-related discipline preferred.
- Experience working in a Big 4 auditing firm, major financial or healthcare organization and/or Federal Government, conducting internal audits, penetration testing, code review, and engaging with internal and external customers is strongly desirable.
- Experience with ISO, NIST, HITRUST, SOC auditing desired, and PCI helpful.
- Hands-on experience mapping various audit standards (NIST, COBIT, CSA, Federal, etc.) and hands-on auditing of data center operations is required.
- Experience with EU-U.S. Privacy Shield (formerly U.S.-EU Safe Harbor) and other international data protection laws strongly desired.
- CISA required (or must be attainable within one year) and CISSP, CISM, CCSP or other security/audit-related and PMP certifications desired.
- Must have familiarity with systems, networks, and a variety of security concepts, practices, and procedures.
- Excellent analytical skills, strong communication skills, and soft and hard skills, with the ability to speak to a variety of audiences about complex security and business matters.
- Penetration testing and code review experience is also desirable.
- Experience with contracts is required.
- Able to perform and prioritize a variety of tasks and be self-directed.