Principal Information Security Auditor (IT Auditor)
Remote CA - R1
Full Time Senior-level / Expert USD 80K - 135K
VSP Vision
Develops IT, cybersecurity, and privacy audit programs and special consulting projects, leads audit testing and CAP reviews, and delivers audit reports to audit management
Lead and/or participate in complex information technology audits of IT areas to assess the adequacy of internal controls and compliance with Company and departmental goals, objectives, and standards
Perform and document audit activities utilizing a comprehensive audit approach (policies, procedures, processes, controls, and measures) to address financial, compliance, IT, and operational risks in accordance with professional standards
Researches and interprets governmental laws, regulations, and compliance requirements for review
Job Specifications
Typically has the following skills or abilities:
Bachelor's degree in management information systems, computer science, engineering, or a related field, or equivalent experience
6 years of hands-on technical information security/privacy experience
One existing certification (or equivalent) from each of the following categories, which must be currently maintained and valid
General Audit Certification: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE)
IT Audit Certification: Information Technology Infrastructure Library (ITIL), Certified Information Systems Auditor (CISA), Certified in Risk and Information System Control (CRISC), Certified in Risk Management Assurance (CRMA), Certified in Governance of Enterprise IT (CGEIT), Cisco Certified Network Associate/Professional (CCNA, CCNP)
IT Security/Privacy Certification: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Quality Security Assessor (QSA), Payment Card Industry Professional (PCIP), Certified Ethical Hacker (CEH), Microsoft Certified Professional/Security Engineer (MCP, MCSE)
Expert-level knowledge of security principles and technologies with 5+ years hands-on experience in information technology systems and security assessments or security by design testing
Big 4 or equivalent regulatory compliance consulting experience applying broad risk and threat assessment methodology experience across information technology, security, privacy, and business
Demonstrated leadership skills in identifying and analyzing regulatory, security, and privacy vulnerabilities in the following:
- Finance regulatory compliance testing such as NAIC/MAR, SOX, EHNCA, ICFR, or equivalent
- Information technology compliance testing such as ISO27001/2013, COSO, AICPA/SOC(I,II,III) or equivalent
- Information security compliance testing such as CMS ARS, CIS, CSA, or equivalent
- Information privacy compliance testing such as HIPAA (45 CFR), GDPR, CCPA, NYCRR, or equivalent
- GRC frameworks such as NIST (800-36), ISO (27k series), COBIT, ITIL, GAAS or equivalent
- Compliance crosswalk methodologies and models such as SCF, CCF, UCF, RMF, HITRUST, or equivalent
Proven leadership with multiple cross-functional teams in a deadline-driven environment
Excellent written reporting and presentation skills
Ability to travel approximately 25% of the time
Clean credit history as reported by credit report
Preferred Skills
IT Auditor experience within internal/external audit team
Compensation range for the role is listed below. Applicable salary ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. As a part of the compensation package, this role may include eligible bonuses and commissions. For more information regarding VSP Vision benefits, please click here.
Salary Ranges: $80,000.00 - $135,000.00
VSP Vision is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to age, gender, race, color, religion, sex, national origin, gender identity, sexual orientation, disability or protected veteran status. We maintain a drug-free workplace and perform pre-employment substance abuse testing.
Notice to Candidates: Fraud Alert - Fake Job Opportunity Solicitations Used to Collect Fees/Personal Information.
We have been made aware that fake job opportunities are being offered by individuals posing as VSP Vision and affiliate recruiters. Click here to learn about our application process and what to watch for regarding false job opportunities.
As a regular part of doing business, VSP Vision (“VSP”) collects many different types of personal information, including protected health information, about our audiences, including members, doctors, clients, brokers, business partners, and employees. VSP Vision employees will have access to this sensitive personal information and are required to follow Information Security and Privacy Policies.
Tags: Audits CCNP CCPA CEH CIA CISA CISM CISSP COBIT Compliance Computer Science CRISC Finance GDPR Governance HIPAA HITRUST ISO 27001 ITIL NIST Privacy Risk management RMF Security assessment SOC SOX Travel Vulnerabilities Vulnerability management
Perks/benefits: Health care