Product Security Compliance Assessor (IT Auditor)

Remote

Screening Questions

• How do they assess IT evidence when given a piece of IT evidence from a stakeholder?
• Do you have IT audit experience as internal or external auditor?
• Can you explain how you test typical IT general controls?
  
  

Job Description

Help to interpret the relevant, applicable government regulations.

Work with different teams including Legal, Cybersecurity, Finance, IT Operations, R&D, Products, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice.

Work with stakeholders to build plan of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner.

Identify, document, and report control deficiencies and associated recommendations for improvements.

Develop and communicate reports to describe regulatory risks and associated remediation actions.

Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.

Support the alignment of the policies and standards to both regulations and best practices.

Review and challenge to support compliance with policies, standards, and regulations.

Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results.

PM, Design, and implement compliance solutions to stabilize and operationalize responsible program(s).

Requirements

Bachelors degree in computer science, Information Security, or a related field.

Strong communicator to present to all levels.

Experience In Interpreting Regulatory Requirements And Policies.

Experience in conducting compliance and gap assessments and designing metrics.

IT Audit Experience Required

Knowledge of NIST 800-218/Secure Software Development Framework, EU NIS 2 Directives, and Cybersecurity Resilient Act. Understand what the regulation is.

Experience in applying security best practices within an SDLC framework.

Familiarity with various SDLC methodologies (e.g., Agile, Waterfall).

Experience with security automation tools for SDLC.

Ability to prioritize tasks, manage deadlines, and work independently.

Ability to independently run in a fast-paced environment and proactively identify and bridge knowledge gaps.

Candidates with 5+ years of relevant experience preferred with the above requirements.

CIA/CISA/CRISC, or CISM preferred.