Bachelor’s or Master’s degree in Information System Management, Computer Science, Cybersecurity, Risk Management or equivalent.
Two certifications required. Preferred certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Cloud Security Professional (CCSP), or equivalents.
10+ years of combined experience with consulting, external audit, company in-house and outsourced internal audit, assurance services, and contracts; experience with a Big 4 firm is required.
8+ years of hands-on combined experience with financial and information technology internal controls design, test, audit, risk assessments, investigations, findings, and remediation.
5+ years of in-depth knowledge and experience of compliance and audit with SOC 1, SOC 2, SOX, HIPAA, ISO 27001, PCI DSS, FedRAMP/StateRAMP, etc.
5+ years as a Subject Matter Expert (SME), working with industry frameworks including ISO, NIST 800-53, NIST CSF, PCI, HITRUST, FISMA, GDPR, etc.
Strong leadership skills and experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.
Excellent analytical and problem-solving skills with advanced written, verbal and presentation skills, including interactions with peers and senior technical teams and their management.
Strong experience in managing highly complex technical audits and assessments and driving them to successful outcomes.
Experienced working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, solve problems, influence change, and provide thought leadership.
Excellent communication and interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing, and negotiating effectively with all levels of leadership and peers.
Experienced with vendor and managed security services, with the ability to identify continuous improvement opportunities to drive risk assessment effectiveness and efficiency.
Strong influencing skills and the ability to champion security and educate staff on the latest security risks, software protection, assurance methods and technologies.
Strong work ethic, excellent use of discretion and judgment, and the mature ability to establish credibility and rapport with senior executives and technical and non-technical team members.