Share this Job
Apply now »

Senior Information Security Auditor

Date:  Sep 30, 2021
Req ID:  46546
Remote Position:  Yes
Country:  US
Line of Business:  VSP Vision Care
Division:  Internal Audit

VSP Global is comprised of five complementary businesses that combine high-quality eye care insurance, high-fashion eyewear, customized lenses, ophthalmic technology and retail solutions, with employees in over 23 countries. No matter the role, we’re all focused on a singular mission: to help people see. Learn more by visiting https://vspglobal.com/cms/careers/

General Summary

The Senior Information Security Auditor will perform integrated internal audit and consulting work on information systems and report on the results. Acts as a senior technical advisor for auditing complex information security technologies, assessing security frameworks, security and privacy architecture designs, regulatory and business risk management, security and privacy incident management, application and system change control vulnerability management.

Essential Functions

Perform and ensure all phases of audits including planning, fieldwork, analysis reporting results and subsequent follow-up procedures are completed and communicated. Participate in special consulting projects as assigned.

 

Perform comprehensive audit testing related to IT, cybersecurity and privacy compliance; participate in special consulting projects as assigned.

 

Coordinate and communicate audit results with prepared written documentation and reports.

 

Review corrective action plans and assist in monitoring company’s internal control activities and compliance status.

 

Assist in aligning internal controls and compliance requirements with the company’s goals and objectives.

Job Specifications

Bachelor's degree in management information system or computer science or engineering, or related field or equivalent experience.

One existing certification (or equivalent) from each of the following categories, which must be currently maintained and valid. 

General Audit Certification:
•    Certified Information Systems Auditor (CISA) 
•    Certified Internal Auditor (CIA)
•    Certified Fraud Examiner (CFE)

IT Audit Certification:
•    Information Technology Infrastructure Library (ITIL)
•    Certified Information Systems Auditor (CISA)
•    Certified in Risk and Information System Control (CRISC)
•    Certified in Risk Management Assurance (CRMA)
•    Certified in Governance of Enterprise IT (CGEIT)
•    Cisco Certified Network Associate/Professional (CCNA, CCNP) 

IT Security/Privacy Certification:
•    Certified Information Systems Security Professional (CISSP) 
•    Certified Information Security Manager (CISM)
•    Quality Security Assessor (QSA)
•    Payment Card Industry Professional (PCIP)
•    Certified Ethical Hacker (CEH) 
•    Microsoft Certified Professional/Security Engineer (MCP, MCSE)

5+ years of hands-on technical information security/privacy experience.

Advanced knowledge of security principles and technologies with hands-on experience in information technology systems and security assessments, or security by design testing, or a variety of security and privacy technology solution implementations.

Big 4 or equivalent regulatory compliance consulting experience applying risk and threat assessment methodologies with experience across IT, security, privacy and business

Progressive competency in general information technology auditing practices in the following disciplines:
•    General auditing standards such as IIA, PCAOB, GAAP, GAAS, IPPF or equivalent.
•    General information technology processes of Contract Management, Change Management, Recovery Management, Operations Management, Configuration Management, and Risk Management and testing of ITAC/ITGC controls.
•    Automated audit control testing environments such as SAP/ERP, ServiceNow, PeopleSoft or equivalent.

Progressive competency in identifying and analyzing regulatory, security and privacy vulnerabilities in the following:
•    Finance regulatory compliance testing such as NAIC/MAR, SOX, EHNCA, ICFR or equivalent.
•    Information technology compliance testing such as ISO27001/2013, COSO, AICPA/SOC(I,II,III) or equivalent.
•    Information security compliance testing such as CMS ARS, CIS, CSA or equivalent.
•    Information privacy compliance testing such as HIPAA (45 CFR), GDPR, CCPA, NYCRR or equivalent.
•    GRC frameworks such as NIST (800-36), ISO (27k series), COBIT, ITIL, GAAS or equivalent.
•    Compliance crosswalk methodologies and models such as SCF, CCF, UCF, RMF, HITRUST or equivalent.

Proven ability to effectively communicate complex technical information to both technical and non-technical audiences at all levels of the organization.

Proven ability to multitask various audits and projects throughout all audit phases.

Proven ability to effectively prioritize tasks in a deadline-driven environment.

Ability to travel approximately 25% of the time.

Clean credit history as reported by credit report.
 

Preferred Skills

Advanced knowledge of information security principles and technologies, with 2 years hands-on experience in VSP's information technology systems and security control testing.


Advanced knowledge of finance regulatory compliance testing, with 2 years of hands-on experience in VSP's NAIC/MAR and NACHA control testing.


Advanced knowledge of information technology compliance testing, with 2 years hands-on experience in VSP's ISO27001 and AICPA/SOCII control testing.


Working knowledge of the following information security compliance control frameworks: PCI, CIS, and CSA.


Working knowledge of the following information privacy compliance control frameworks: HIPAA, GDPR, CCPA, and NYCRR.


Working knowledge of the HiTRUST common control framework, with demonstrable hand-on experience in CCF crosswalk development for control testing design.

Working Conditions / Physical Demands

The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust etc.

The above information in this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to this job.

VSP Global is an equal opportunity employer and gives consideration for employment to qualified applicants without regard to age, gender, race, color, religion, sex, national origin, gender identity, sexual orientation, disability or protected veteran status.  We maintain a drug-free workplace and perform pre-employment substance abuse testing.


Nearest Major Market: Sacramento

Job Segment: Information Security, Audit, Ophthalmic, ERP, Consulting, Technology, Finance, Healthcare

Apply now »