Advantmed - IT Security Auditor

Roles & Responsibilities:

- Perform HIPAA, HITRUST ISMS, SOX-IT and SSAE 18 risk based internal audits and monitor gap remediation efforts;

- Audit day-to-day security operations and high-visibility business processes;

- Manage the end-user security awareness training program & Compliance Hotline;

- Maintain a catalog of all internal security controls across the enterprise to include their mapping to the above security frameworks

- Maintain security documentation and diagrams. Ability to complete tasks and deliver professionally written reports.

- Review and coordinate changes to information security policies, procedures, and standards in an continuous improvement model

- Performing Business Impact Analysis, Risk Analysis, Perform targeted fieldwork to test internal controls across the company's application, infrastructure, and databases, as well as key business processes;

- Identify and develop recommendations to provide for productivity savings and/or enhance process efficiencies;

- Supporting and challenging the business to effectively identify, manage and report on IT business risk, including ensuring that committees and governance structures are functioning effectively

- Supporting the Compliance Head in developing and maintaining an effective Global Compliance Programme that ensures that the group's policies are embedded in the business, that good practice is shared, and that any compliance breaches are investigated and resolved promptly.

- Develop and foster strong professional relationships within company;

- Build the department's standing and credibility throughout the organization;"

Skill & Competence (Desired) :

Understanding of the system development lifecycle and the business risks associated with system implementations;

- Knowledge of various technologies, applications, operating systems, and databases including Windows, Ubuntu, MS SQL databases, Active Directory, web services, firewalls, etc.;

- Strong project management, communication, facilitation and presentation skills;

- Develop an understanding of the organization as a whole, and specifically its key business processes;

- Knowledge of information security principles, including risk assessment and risk management;

- Proven ability to work under stress in emergencies, with the flexibility to handle multiple high-pressure situations simultaneously.

Excellent stakeholder management experience. :

Skill & Competence (Required - Must Have) :

- Knowledge of Service Management Standards, Security Management Standards, HIPAA, ARRA, HITRUST.

- Past implementation experience of BCMS, ISMS and/or ITSM;

- Expert knowledge of Information Security Frameworks and IT Governance frameworks &

- Demonstrated ability to apply IT in solving security problems."

Experience :

- CISA qualified with approximately 3 years- post qualification IT audit experience, in a professional services environment. KPO/BPO/ITIS experience would be ideal.

- Experience of working in both an assurance and advisory role would be preferred"