Join the Security team at Appspace as a Security and Compliance Analyst and gain valuable insight and experience with protecting high scale cloud services. In this newly created role, you will be an integral part of a team that designs, builds and deploys solutions to protect Appspace and its customers against advanced adversaries.
- Participate in planning, scheduling, and preliminary analysis for internal and external audit projects.
- Coordinate audit activities including notification and scheduling for all affected parties of audit timing, scope, objectives, approach, and deliverables.
- Work closely with external auditors and internal audit teams on managing and supporting the audits.
- Identify, document, and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of the audit project.
- Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas.
- Complete audit testing, inquiry, observation and other analysis required to meet objectives of audit projects.
- Assist in the development of the company’s security program, policies, and standards.
- Keep existing policies and procedures aligned with audit and security requirements.
- Request and review vendors’ auditing documentation to ensure alignment with Cloud Ops internal controls and provide assessments and recommendations.
- Respond to internal and external compliance inquiries.
Experience, Skills, and Education
- Bachelor’s degree in Information Systems preferred (otherwise Engineering and/or Business) and at least 2 years of professional working experience post-undergrad.
- Experience in internal or external audit in the IT risk and compliance space.
- Understanding or interest in Cloud industry technologies and IaaS, PaaS, SaaS platforms.
- Ability to quickly acquire and apply knowledge of changing technologies.
- Good understanding of audit process/methodology, and risk management/advisory.
- Ability to adapt to a changing environment, meet deadlines and handle multiple projects.
- Experience and/or familiarity with using a risk-based audit approach in evaluations of and recommendations for management processes.
- Ability to present audit findings and recommendations in a manner that will be understood and accepted by all responsible parties.
- Experience or interest in evaluating compliance with regulatory and key IT Standards such as SOC2, ISO 27001, PCI DSS, GDPR, HIPAA/HITECH, NIST, CSA/CCM and similar.
- Possess the tenacity to pursue difficult and sensitive issues to an acceptable conclusion.
- Excellent communication, interpersonal, time management and issue resolution skills.
- Excellent analytical and organizational skills, ingenuity, and be a team player.