Security Risk Auditor

location: Charlotte, NC (3 days each week)

Interview: Teams

Linked is must.

This will be onsite 3 days each week with a compensation of up to $55/Hour C2C .

Please note that all candidates submitted will need a valid LinkedIn profile . Candidates must be local as relocation is not permitted .

The team is seeking candidates with robust IT audit experience , specifically those who have evaluated both the effectiveness and design of controls. Ideal candidates should be able to distinguish between tested effectiveness and tested design, particularly within the context of operational effectiveness in risk and audit.

Many applicants have primarily conducted non-IT audits or worked alongside information security professionals in a liaison role, without direct testing experience. Some claim to have testing experience, but it's evident that there is a gap in knowledge and skills. Basic SOX testing experience, which focuses on access management and general controls, is not sufficient for the broader scope of IT auditing they require.

Key Qualifications:

1. IT Audit Experience: Must have a traditional IT audit background, preferably with experience in technology auditing within banks. The team functions as the first line of defense, necessitating someone with a strong foundation in IT auditing.
2. • 2-4 years of experience in performing audits for Technology or Cybersecurity, Audit, Compliance, and/or Risk Management
3. Knowledge Across Multiple Principles: Candidates should possess a broad knowledge base, including:
   • Vulnerability management
   • Identity and access management
   • Capacity management
   • SDLC (Software Development Life Cycle)
   • Data classification
4. Industry Knowledge: Ability to understand and identify controls and risks within processes, evaluate their design and effectiveness, and document findings.
5. Analytical Skills: Capability to conduct walkthroughs with process owners or subject matter experts, assess alignment with industry practices and standards, identify red flags, and ensure proper risk management.

Soft Skills:

• Ability to work semi-independently within a team environment, avoiding power struggles and collaborating on larger projects.
• Strong written and verbal communication skills.

Additional Considerations:

• Financial industry experience is beneficial but not required.
• Familiarity with industry frameworks will be necessary for the job.
• Open to candidates from Charlotte
• Relevant certifications such as CISM, CISSP, CRISC, or CISA are highly desirable.