IT Audit & Risk Assessor
Filevine
IT
Salt Lake City, UT, USA · Las Vegas, NV, USA
Posted on Thursday, May 12, 2022
Responsibilities:
- Manage CJIS obligations, including monthly and yearly audits, clearances for employees, and associated CJIS efforts
- Assist with Federal and international government security audits (e.g. FedRAMP, StateRAMP, Canadian government compliance obligations).
- Strategize and outline goals and objectives of the GRC (IT Audit and Risk management) programs.
- Assist with security efforts to meet HIPAA, SOC 2 Type I & II, and other compliance requirements.
- Work directly with Information Security, Legal, HR, Compliance and Development teams to ensure secure IT and IS best practices are fully adopted at Filevine.
- Help train employees on auditing secure coding techniques to mitigate the need for break-fix/out-of-band patching.
- Review audit, compliance and risk assessment issues that arise and manage them to resolution.
- Provide audit frameworks and risk assessment methodologies contemplating new software solutions to help mitigate security vulnerabilities and other business risks.
- Maintain documented Policy and Procedure libraries for compliance purposes.
- Complete third-party vendor risk management and security questionnaires for Filevine.
- Provide annual internal audit and risk assessment functions.
- Facilitate and lead annual penetration testing and auditing efforts.
- Develop a familiarity with new auditing and risk assessment tools and techniques.
Qualifications:
- Bachelor's Degree or equivalent in Computer Science, Computer Engineering, Information Technology, or related field
- 4+ years of experience in IT Audit and direct experience related to risk assessment methodologies.
- Proven work experience as an IT Audit & Risk Assessor with a passion for details and security.
- Familiarity with auditing and assessing the OWASP Top 10.
- Experience with managing risks, fraud, and security threats.
- Knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures, Web Databases) and of network/web related protocols.
- Experience assessing, testing, or auditing technical IT and security controls.
- Working knowledge of and demonstrated experience with SOC 2 Type I & II, HIPAA Security Rule, FedRAMP Moderate, CJIS, GDPR, CCPA/CPRA and other compliance frameworks.
- Demonstrated knowledge of assessing development methodologies (Agile, Waterfall).
- Ability to work in a fast-paced environment.
- Must exhibit excellence in partnering, teamwork, and quality performance.
- Able to effectively give, receive, and respond to feedback.
- Excellent oral and written communication skills with the ability to communicate security concepts to a technical and non-technical audience including senior management.
- Demonstrated ability to establish relationships and build rapport to influence colleagues at all levels, uncover issues, and identify needs.
Preferred Qualifications:
- Significant experience with auditing frameworks, formal audits, and risk assessment.
- Significant experience with automated auditing and compliance tools.
- GRC tool Certification or equivalent experience.
- CISSP Certification or equivalent experience.
- CISM Certification or equivalent experience.
- CISA Certification or equivalent experience.
- CIPP/US Certification or equivalent experience.
- CRISC Certification or equivalent experience.