Information Security Auditor
GBR - Remote - Bristol
ForgeRock
Solve any identity use case without breaking legacy systems. Get the ForgeRock Identity Platform as-a-Service or push-button deployment to any cloud.
About Ping Identity:
At Ping Identity, we believe in making digital experiences both secure and seamless for all users, without compromise. We call this digital freedom. And it's not just something we provide our customers. It's something that inspires our company. People don't come here to join a culture that's built on digital freedom. They come to cultivate it.
Our intelligent, cloud identity platform lets people shop, work, bank, and interact wherever and however they want. Without friction. Without fear.
While protecting digital identities is at the core of our technology, protecting individual identities is at the core of our culture. We champion every identity. One of our core values, Respect Diversity, reminds us to celebrate differences so you are empowered to bring your authentic self to work.
We're headquartered in Denver, Colorado and we have offices and employees around the globe. We serve the largest, most demanding enterprises worldwide, including more than half of the Fortune 100. At Ping Identity, we're changing the way people and businesses think about cybersecurity, digital experiences, and identity and access management.
As an Information Security Auditor, you will manage the internal audit program, including conducting audits, validating controls, working with control owners to understand the controls, tracking remediation, and taking a continuous improvement approach to automating evidence collection and controls testing. You will be focused on improving audit efficiency, including opportunities to automate evidence collection and/or validation. You will create audit reports and work with the data analytics team to track KPIs. In this role, you will also support external audits, including customer audits.
You will:
- Manage the internal audit program that encompasses ISO 27001, ISO 27017, ISO 27018, SOC 2, HIPAA, and ITGC.
- Manage the comprehensive control plan with regular updates and reviews.
- Support external audits, including for ISO 27001, SOC 2, and customer audits.
- Manage the compliance and audit platform, working with system owners to implement automated evidence collection and validation to ease the internal audit lifecycle.
- Collaborate with the Information Security team for continuous improvements for controls and the security program.
- Educate control owners, so they understand what they are being audited against and why.
- Maintain relationships with control and evidence owners to identify evidence pain points and improvement opportunities to make evidence collection more effective.
- Identify and implement improvements for the Information Security team to self-service evidence and testing to alleviate impact on system and control owners.
- Drive automation of evidence collection and validation.
- Define internal testing and sampling based on industry standard methods of testing, population requirements, and sample selection guidelines.
- Evaluate compliance with regulatory and compliance requirements.
- Provide subject matter technical expertise on areas of technical controls testing.
- Develop audit runbooks to ease cross-training and audit preparation.
You have:
- 3+ years of experience with external and/or internal audits against industry standard frameworks, such as ISO 27001 and SOC 2.
- Understanding of effective security controls at the systems, network, and application level and how to apply them to cloud-based services.
- Experience auditing AWS, GCP, or Azure.
- Experience auditing both cloud services and on-prem software solutions.
- Understanding of common security domains and methods of auditing them, including security operations, network security, systems administration, sSDLC, encryption, resilience, response and recovery, asset management, identity and access management, and vulnerability management.
- Experience streamlining evidence requirements to reduce audit impact.
- Knowledge of industry standard control frameworks and guidelines.
- Experience applying risk management principles to security organizations.
You have an advantage if you have:
- Experience with audit and compliance platforms
- Experience managing audits and auditors
Education Requirements:
- Bachelor's Degree in business or computer related field or equivalent experience
- Applicable certifications: CISA, ISO 27001 Lead Auditor, CISM
Life at Ping:
We believe in and facilitate a flexible, collaborative work environment. We’re growing quickly, but remain true to the innovative, can-do startup values that got us here. Most importantly, we keep hiring talented, smart, fun, and genuinely nice people because that’s who we want to succeed with every day.
Here are just a few of the things that make Ping special:
- A company culture that empowers you to do your best work.
- Employee Resource Groups that create a sense of belonging for everyone.
- Regular company and team bonding events.
- Competitive benefits and perks.
- Global volunteering and community initiatives
Our Benefits:
- Generous PTO & Holiday Schedule
- Parental Leave
- Progressive Healthcare Options
- Retirement Programs
- Opportunity for Education Reimbursement
- Commuter Offset (Specific locations)
Ping is the collective sum of all our individual experiences, backgrounds and influences and we pride ourselves in growing and learning together. We are committed to building an inclusive and diverse environment where everyone’s individuality is respected and everyone has an Identity. In recruiting for new colleagues, we welcome the unique contributions you can bring and encourage you to be your best self.
We are an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected Veteran Status, or any other characteristic protected by applicable federal, state, or local law.
Tags: Analytics Audits Automation AWS Azure CISA CISM Cloud Compliance Data Analytics Encryption GCP HIPAA IAM ISO 27001 KPIs Network security Risk management SOC SOC 2 Vulnerability management
Perks/benefits: Career development Flex hours Flex vacation Parental leave Startup environment Team events