Job responsibilities:
- Contribute to the governance of Aumni’s Information Security Management System (ISMS) to comply with SOC 2, ISO 27001 and legal requirements
- Facilitate external audit walkthroughs and evidence gathering
- Support risk management (identification, treatment & monitoring)
- Help manage our internally-developed, semi-automated scheduled security controls system
- Support and educate Aumni control owners in the completion and proper execution of controls
- Respond to Customer Security Questionnaires based on an acquired, thorough understanding of Aumni’s ISMS
- Propose ways to improve our information security and compliance programs
- Ensure recognition is given to security-conscious employees for our Security Ambassadors program
- Review third parties for vendor security due diligence
Required qualifications, capabilities and skills:
- 2+ years in a Technology GRC or IT Auditor role
- Familiarity with at least 1 information security framework (SOC 2, ISO 27001, NIST, etc.)
- A desire to continuously learn and thoroughly understand information security and technology concepts
- An understanding of the software development lifecycle
Preferred qualifications, capabilities and skills:
- Experience with the Big 4 (or similar)
- Intermediate to advanced Excel skills
- Security or IT Audit related certification (e.g., CISA, CISSP, CITP, CCSA)
- Basic coding/dev skills
- Basic understanding of Venture Capital