IT Security Auditor - job id 33217


IT Security Auditor

Market Rate w2

Downtown Brooklyn, NY

How to Apply


Jessica Ohmer


(646) 876-9549


(212) 616-4800 ext-570

A Contract position at Premier New York Education Institution.

Pay Options: IC - Self Incorporated or w2

Contact Jessica Ohmer: call (646) 876-9549 / (212) 616-4800 ext. 570 or email with the Job Code JO33217

Location: Downtown Brooklyn, NY

Skills required for the position: Information Security, CISSP, CISA, NIST, ISO

Detailed Info:

Position is based in the Information Security function under the Office of the CIO. The IT Security Risk Assessment/Auditor professional will be primarily responsible for performing IT Security Risk Reviews of application, system and networking projects and environments to identify, evaluate, and recommend security controls that address information security risk to the University and manage proper control of regulatory requirements.

Principal Accountabilities

30% Technical Security Reviews:

Initiates and performs risk assessment activities including vulnerability assessment and management activities, covering all University business units, including Finance, Research, Health Care, and Educational activities.

Performs information security reviews related to security maturity and risk management.

Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.

30% IT Compliance Control:

Researches and deploys tools and strategies to leverage audit results into actionable items; proposes operational improvements to reduce risk.

Keeps current on compliance requirements in all areas of University activity, including HIPAA, FERPA, GLBA, and PCI, as well as national and international data privacy laws.

Ensures alignment with relevant Information Security standards including NIST 800-53, 800-171, ISO 2700x, etc.

Development / Computing Environment:

Ensures alignment with relevant Information Security standards including NIST 800-53, 800-171, ISO 2700x, etc.

30% Reporting & Communication:

Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management. Represents Information Security to other organizations on information security related matters, as assigned. Publishes regular status reports and submits to management.

Develops assessment and risk metrics, in coordination with overall security reporting.

Works with Awareness Specialist and Communications to determine and document information security requirements and controls necessary for the protection of information resources.

Formally documents all assessment activity and ensures archiving of documentation in a secure auditable location as part of the IT Governance process.

10% Risk Management and SOC Support:

Maintains IT risk register, correlating audit and review results, as well as operational information, to determine likelihood and impact of risks. Recommends policy and functional actions to reduce risk.

Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, malware prevention and remediation, encryption, network segmentation, remote access, cloud security, and authentication.

Supports, maintains, monitors, troubleshoots and enhances security.

The position offers a competitive rate.

Job Id: 33217