CompuCom Information Systems Security Auditor in San Jose, California

Previous

Information Systems Security Auditor

Next

Ref No.:

18-04225

Location:
San Jose, California

Did you know that Gartner positioned e at http://www.excell.com/ X at http://www.excell.com/ cell at http://www.excell.com/ as a Leader in its Magic Quadrant for End User Outsourcing? Come work for the leader today!

Our client is seeking an Information Systems Security Auditor with experience in auditing systems and providing detailed reports of audited information systems. These reports will outline whether the systems meet compliance requirements based on best practices or regulatory compliance. In addition, the Auditor will conduct accurate evaluation of the level of security required, and perform day-to-day information security auditing operations, including regular security audits to identify gaps and ensure compliance with security policies, analyze gaps, and report and participate in remediation activities.

Requirements:

  • Demonstrated knowledge of audit capabilities conducted and performed

  • Demonstrated strong technical writing skills acquired in a large enterprise IT consulting, administration, or support environment

  • Extensive knowledge of Health Insurance Portability and Accountability Act (HIPAA), Criminal Justice Information

  • Security (CJIS) Policy, or Protected Critical Infrastructure Information (PCII) Program and other related state and federal regulations

  • Knowledgeable of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) and Special Publications

  • Thorough understanding of IT infrastructure

  • Familiarity with a variety of IT security field's concepts, best practices, policies, and procedures

  • Extensive experience in network, database, and web application security

  • In-depth knowledge of application, data, and web security

  • Demonstrated knowledge of compliance practices and IT audit operations

  • Demonstrated knowledge of operating systems, application development, change management, operations, networking and telecommunications, databases, business continuity, disaster recovery, and physical and logical security

  • Excellent analytical skills to understand organizational objectives, evaluate risks and controls, accurately document and support work performed and conclusions reached

  • General knowledge of internal control concepts, principles, risk analysis, FISMA, PCI Compliance, HIPAA, Privacy, process improvement and techniques, including frameworks such as NIST, ISO2700, COSO, and COBIT

    Education Requirement:

  • Bachelor’s or Master's degree or higher in Computer Science, Information Systems, or relevant technical, engineering, or scientific field or an equivalent combination of education and relevant IT experience may be considered

  • Industry certification such as CISSP, CISA, or CISM coupled with verifiable expertise in auditing complex systems

  • Background in delivering full-life cycle projects

  • Strong analytical skills to solve ambiguous and complex problems, perform research to identify and derive solution opportunities

  • Strong written and oral communication skills

    Project Specific Tasks / Deliverables:

  • Lead complex IT security and integrated audits by evaluating applications, system operations, and supporting infrastructure including scheduling, processing, input / output systems flow, controls and edits, data storage, and security procedures to ensure that systems integrity exists

  • Lead and conduct review of processes, policies, procedures, security, and configuration controls of existing systems as well as proposed controls of new systems

  • Conduct a thorough analysis as problem areas are discovered

  • Participate in risk assessment and planning discussions to define audit objectives, scope, and develop audit programs based on the defined objectives

  • Work autonomously in an area of specialization to analyze internal security and provide relevant information to internal and external customers, suppliers, and partners

  • Attend meetings with internal staff to conduct interviews with management and staff of the assigned audit area, as necessary, to gain an understanding of the respective processes and the controls governing the assigned audit area

  • Review documentation for all stages of the audit, ensuring complete and accurate audit results as well as compliance with client standards

  • Analyze findings and test results and arrive at sound fact-based conclusions and appropriate recommendations for problem areas noted

  • Identify risks, controls, and gaps within a process or systems

  • Draw conclusions and provide recommendations in a clear, concise ,and constructive manner, both orally and in writing, through detailed reporting

  • Communicate with departmental representatives and staff with regards to status of audits / projects

  • Conduct follow-up work, as necessary, to evaluate corrective action taken by management to resolve previous IT audit observations and ensure compliance with policies, laws, and regulations

  • Present Audit Procedures and Audit Findings as well as recommendations

  • Research and apply industry best practices while challenging an organization or status quo

  • Ensure the effective accomplishment of audits according to the audit plan

We will consider for employment all qualified applicants, including those with criminal histories, arrest, and conviction records in a manner consistent with the requirements of applicable state and local laws. This includes the City of Los Angeles Fair Chance Initiative for Hiring Ordinance as well as the San Francisco Fair Chance Ordinance.

W2 only, no Corp to Corp. We are unable to sponsor H1B visas at this time. * e at http://www.excell.com/ X at http://www.excell.com/ cell at http://www.excell.com/ ™ Supports Equal Employment Opportunity* e at http://www.excell.com/ X at http://www.excell.com/ cell at http://www.excell.com/ ™, a division of CompuCom® Systems, Inc., a global company headquartered in Bellevue, Washington, provides IT staffing services and solutions to Fortune 1000 companies as well as small and medium business. For more information, visit www.excell.com at http://www.excell.com/ .