IT GRC Auditor Consultant

Education & Experience:

• Bachelor's degree (in Management Information Systems, Information Technology, Computer Science, Accounting, Business Administration). Preferred:
• Certification as CISSP, CCSK, CISA, and/or CISM preferred.

Familiarity with the following technologies (and demonstrated ability to learn):

• All Microsoft O365 products including Teams & Sharepoint.
• Use of AI search engines to expedite tasks.
• Project Management tools like Monday, Base Camp, etc.
• Experience working with or demonstrated willingness to learn how to use compliance management tools (Control Map, Drata, Vanta, etc.)

Desired Skills Required:

• 2-4 years of experience working with IT internal audit, risk and/or IT departments and performing readiness assessments or audits of business and IT functions. • Experience performing IT frameworks audits and IT risk assessments (e.g. ISO 27001, SOX, SOC, HIPAA, NIST, etc.)
• Demonstrated ability to manage multiple projects simultaneously and experience scoping, planning, and executing projects autonomously.
• Strong experience with regulatory and compliance standards (e.g., NIST, ISO 27001/2/17/18/ 27701, SOC 1, SOC 2, SOX, HIPAA, PCI etc.)
• Awareness of or demonstrated willingness to learn about AI Governance frameworks, specifically ISO 42001, is a plus.
• Ability to work during U.S. business, time zones (9-6PM)
• Experience working for a U.S. based IT consulting firm (preferred)
• Support our US-based Service Delivery team by conducting information security assessments, IT GRC audits and IT compliance assessments and advisory projects
• Engage and communicate with our US-based team via video conference calls, emails and written reports and team deliverables.
• A strong command of the English language (both written and spoken) is a must.
• Reporting action items, roadblocks, and other tasks during projects to managers and teams must possess the ability to articulate complex issues in a simple and easy to understand manner.
• Effective time management skills, proactively communicate tasks you are working on by updating your task list.

Responsibilities:

• Proactively communication with your manager when tasks are taking longer than budgeted, ask clarifying questions and be proactive to ensure you understand the tasks assigned to you and you feel confident you can get things done in the assigned budget.
• Assist in developing team deliverables, including information security policies, team request lists, designing audit test plan, documenting audit test results, identifying, articulating and tracking findings and preparing final audit reports.
• Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions.
• Conduct specialized IT GRC frameworks audits and assessments (e.g. ISO 27001, SOX, SOC, HIPAA, NIST etc.)
• Identify and communicate findings, recommendations and apply critical thinking to provide creative and pragmatic solutions that drive project progress effectively.
• Conduct comprehensive IT audits and GRC assessments by evaluating information security policies, procedures, and controls.
• Utilize industry and security knowledge to help team identify vulnerabilities, weaknesses, gaps in controls and potential threats in order to translate into language understandable to the team and actionable for remediation.
• Participate in project planning by collaborating with our teams to refine IT solutions and implement governance and compliance frameworks.
• Demonstrate professional team management skills by building and maintaining relationships with US based team.
• Build and nurture positive working relationships with team and coworkers, by providing high quality deliverables and communications.
• Exercise professional skepticism, judgment and adhere to the code of ethics while on engagement.