WHAT YOU’LL DO
- Audit Planning and Execution:
- Plan and execute comprehensive internal audits of our cloud infrastructure, systems, and processes to assess security controls and compliance with relevant standards and regulations (e.g., ISO 27001, SOC 2, GDPR).
- Evaluate the effectiveness of existing controls and identify areas for improvement to enhance the security posture of our cloud environment.
- Document audit findings, including identified risks, vulnerabilities, and control deficiencies, and communicate them effectively to key stakeholders.
- Technical Cloud Security Expertise:
- Demonstrate advanced knowledge of cloud security principles and best practices, with a focus on AWS.
- Evaluate security configurations, access controls, encryption mechanisms, and network architecture in cloud environments.
- Utilize cloud security tooling and GRC platforms to automate common audit, evidence gathering, and compliance tasks.
- Stay abreast of emerging threats and vulnerabilities in cloud technologies.
- Collaboration and Communication:
- Work closely with cross-functional teams, including IT, DevOps, Engineering, and Product Security, to understand and assess cloud security controls.
- Communicate audit findings, risks, and recommendations to key stakeholders in a clear and concise manner.
- Collaborate with internal teams to implement corrective actions and improve security posture based on audit results.
- Drive continuous improvement initiatives to enhance the effectiveness and efficiency of our cloud security controls and processes.
- Documentation and Reporting:
- Prepare detailed audit reports outlining findings, risk assessments, and recommendations for remediation.
- Maintain accurate and up-to-date documentation of audit procedures, methodologies, and results.
- Provide regular status updates to management regarding audit progress and key security metrics.
WHAT YOU’LL BRING
- 8+ years of experience with a minimum of 5 years of experience in IT auditing, with a focus on cloud security.
- Bachelor's degree in a field such as Information Technology or Computer Science, or equivalent experience.
- Certified Information Systems Auditor (CISA), Certificate in Cloud Auditing Knowledge (CCAK), AWS Foundational Cloud Practitioner or equivalent certification is highly desirable.
- CSSP, AWS foundational or equivalent (program to confirm).
- In-depth knowledge of cloud platforms such as AWS, Azure, or Google Cloud Platform.
- Strong understanding of industry standards and frameworks, including ISO 27001, NIST, and CIS benchmarks.
- Excellent analytical and problem-solving skills, with attention to detail.
- Effective communication skills, both written and verbal.
- Ability to work independently and collaboratively in a fast-paced, dynamic environment.
Pay Range: USD $164,500 - $226,000