Cyber Security Audit Manager
555 North Point Center East Suite 300 Alpharetta, GA 30022
The Cyber Security Audit Manager will manage a variety of technical security assessments, including assessments of applications, databases, servers, networking devices, and security tools and software. Responsible for demonstrating skills in assessing IT process and technology risks, identifying and evaluating the design of IT controls, designing, executing and documenting IT audit tests, and making initial determination of reportable issues. They also assist with PCI DSS assessments, and data breach preparedness. Will work in close coordination with Managers, Directors, and Partners to carry our client engagements. Must have the ability to clearly articulate complex testing results is paramount. Will complete work in a thorough and timely manner in accordance with applicable standards, and defined plans, budgets, and schedules.
ESSENTIAL DUTIES/ RESPONSIBILITIES:
- Excellent technical and interpersonal skills required.
- Excellent verbal and written communication skills required.
- Interacts with client management to answer questions, problems and requests regarding complex system issues Manages SCCM Operating System Deployment (OSD) implementation and SCCM Software Update Point (SUP)
- Oversees the packaging, testing and deployment of automated desktop application installations within a SMS and SCCM framework
- Consults with third party vendors to obtain support with resolving issues and developing/maintaining platform strategy
- Perform other duties as assigned
- Develop understanding of appropriate business aspects, IT risks, IT control requirements, processes and systems under review.
- Perform process and technology risk analysis with a cybersecurity mindset and focus, prepare process maps and flowcharts, prepare effective and efficient compliance and substantive technical test plans; and execute in depth IT audit tests.
- Perform assessment of IT process and security controls within information systems environment.
- Evaluate test results: accurately identify symptoms, root cause, problems, identify alternative controls and develop recommendations.
- Prepare work papers, draft grammatically correct interim letters and other documents; assist in preparation of the draft audit report.
- Performing assessments of technology such as applications, databases, servers, networking devices (i.e., firewalls and routers), and security tools such as IDS/IPS, anti-malware, and authentication systems (e.g., Active Directory).
- Performing technology assessments in a wide variety of business environments, including:
- Payment Card Industry (PCI) Data Security Standard (DSS) Compliance;
- Information Technology Operational and Cyber Security Assessments in accordance with industry frameworks, such as COBIT 5, ISO 27001, ISO 27005, and NIST SP 800-30 and Cybersecurity Framework
- HIPAA Security Rule and HITECH Act Compliance
- Cloud Security Compliance
- Assisting clients with the performance of Business Impact Analyses (BIAs) along with the development of business continuity and disaster recovery plans (BCPs and DRPs);
- Assisting organizations with all aspects of data breach and information security Incident Response preparation and management
- Performing Service Organization Control Examinations in accordance with AICPA requirements (SOC 1 SSAE 16, SOC 2 AT 101, SOC 3 AT 101)
- Providing data classification services
- Developing information technology and security policies and procedures
- Providing trusted advisory services and guidance to clients that will reduce organizational risk and improve their overall cyber security posture
- Preparing reports and other deliverables that contain strategy, technical analysis, and findings in connection with our advisory and assessment engagements and communicating those results to client management
- Experience with Qualys / Nessus Vulnerability scanning tools.
- Must be familiar with DNS, HTTP, 802.1x, EAP, TKIP, AES, Radius, IPsec, TLS/SSL, routing protocols (BGP, OSPF, HSRP, VRRP) and VLANs, and layer 2
- Cloud Experience a plus
SPECIFIC KNOWLEDGE & SKILLS REQUIRED:
- Three years or more of professional experience or job related experience in Information Security, or Information Technology
- Extensive knowledge and skill of IT analysis which includes expertise in analyzing confidentiality, integrity, availability of complex IT systems.
- Familiarity with Secure Software Development practices
- Hands On experience with various programming languages or scripting languages and tools.
- Effective oral and written communication skills.
- Strong interpersonal skills and demonstrable leadership ability.
- Minimum of 5 of experience with Enterprise Network, DMZ, and Security infrastructure, including design, implementation, and ongoing management and troubleshooting required.
- Minimum of 5 years experience in designing, developing, implementing, and managing solutions across cybersecurity domains (Cyber Defense, Threat and Vulnerability Management. Advanced Security Analytics, Data Security, Identity Management, Security Operations and Managed Security Services etc.)
- Minimum of 3 years of experience supporting an enterprise network.
- Certifications in one or more of the following: CISSP, CWSP, CCNP, ACE, CCNP Security, Security+, or related.
- Certified Information Systems Security Professional (CISSP), Cisco Certified Network Professional Security (CCNP Security), or GIAC preferred
- Strong understanding of networking concepts such as routing, switching, access control lists, IDS/IPS, and firewalls.
- Familiarity with various operating system platforms (UNIX/Linux, Windows) and security best practices for each.
- Strong analytical and problem solving ability.
- Ability to work independently.