What are the responsibilities and job description for the Information Security & Cybersecurity Audit position at Virtual Networx?
Job Details
Title: Information Security & Cybersecurity Audit
Location: REMOTE
The audit will evaluate the following key areas:
Endpoint Security: Assessment of endpoint protection controls, including anti-malware solutions and patch management.
Application Security: Vulnerabilities related to web applications, such as certificate validation, use of HTTPS, lack of bot detection, and web application best practices.
Communications Encryption: Evaluation of data encryption practices for data in transit.
Security Monitoring & Incident Response: Review of logging mechanisms, security event monitoring, and incident response capabilities.
Third-Party Risk Management: Assessment of vendor cybersecurity practices and compliance with security requirements.
Employee Training & Awareness: Evaluation of cybersecurity training programs to ensure awareness of security best practices.
Framework Adherence: Assessment of compliance with NIST Cybersecurity Framework 2.0, NIST 800-53, and ISO standards.
Attack Surface Assessment: Evaluation of critical open ports, out-of-date services, application weaknesses, encryption strength, and misconfigurations.
Email Security: Evaluation of email security measures, including detection of email spoofing, phishing, and spam, and other mitigations.
Network Security: Review of firewalls, intrusion detection systems (IDS), and incident response mechanisms.
Audit Methodology:
1. Review of cybersecurity policies, procedures, and regulatory frameworks.
2. Interviews with key personnel responsible for cybersecurity operations.
3. Vulnerability assessments and penetration testing.
4. Examination of security logs and incident reports.
5. Sampling of cybersecurity control implementations and their effectiveness.
6. Review of third-party vendor security assessments and compliance documentation.