The Security Engineer I – IT Auditor will report to the Audits and Assessments Security Engineering Manager in the Technology Department. This role is responsible for assessing the design and testing operating effectiveness of general computer controls and application controls and will also be responsible for conducting third-party (vendor) risk assessments for vendors and other external partners. Work collaboratively with control operators. Assess the risk posed by potential findings and present the findings to the 3rd Party Auditors and senior management. The IT Auditor will also need to stay aware of emerging technologies and risks.
Duties & Responsibilities:
- Perform third-party (vendor) risk assessments, including reviewing security and compliance documentation, identifying control gaps, tracking remediation items, and communicating results to stakeholders.
- Assist in planning audits, executing audit work, and preparing audit reports.
- Developing a keen understanding of IT risks and control activities for information systems, technical infrastructure, data centers, computer operations, and key applications.
- Performing general and application control reviews for simple to complex computer information systems, like Linux, Windows, and databases such as SQL Server, Oracle, and cloud platforms such as Azure.
- Providing recommendations to improve control posture and strengthen IT processes identified through the course of audits and control testing.
- Preparing and presenting written and oral issues/reports and other technical information in a pertinent, concise, and accurate manner for distribution to management.
- Keeping abreast with new technologies and IT control frameworks such as NIST Cyber Security Framework, NIST 800-171 publications, and Cloud Security Frameworks.
- Other duties as assigned.