Work collaboratively with internal Idera technology stakeholders regarding technology controls reviews and assessments. The scope of these activities will include participating with any related teams on a consultative
basis.
● Design, test, and document controls related to compliance with AICPA Trust Principles (SOC2) and ISO 27001 and 27701 requirements;
● Gather audit evidence from company stakeholders to provide to assessors, coordinate scheduling of meetings between assessors and company stakeholders for audits;
● Plan and execute internal and external audits to assess and evaluate potential technology risks and controls issues;
● Curate audit findings into management reports and provide recommendations to stakeholders regarding remediation or mitigation of identified risks;
● Work collaboratively to drive Idera’s risk management program which includes the identification, assessment, tracking and reporting of technology risks and status;
● Execute continuous audit testing program and refine controls to support Testing automation;
● Coordinate pentest scheduling with DevOps team and third-party or internal penetration testing team, vulnerability scans with Product Management and DevOps, and remediation of any findings with applicable
teams;
● Assist with risk assessments of third-party vendors;
● Any other infosec-related compliance tasks identified.
Experience Required:
Experience with SOC 2 Type 2 and ISO 27001 and 27701 audits (must
Have or obtain at the time of hire - ISO 27001 internal auditor certification), performing internal audits (user access reviews, risk assessments; evaluating findings of penetration tests and vulnerability scans).
Apply Now
Apply Now