IT Audit Analyst
Our client is a legal firm currently looking for an IT Audit Analyst who will be responsible for leading the day-to-day information security governance, compliance, and risk management functions. The role includes primary responsibility for managing IT and organizational policies and standards in support of legal and regulatory compliance. This is a contract position located in New York City.
- Manages the Firm's ISO 27001 certification preparation, certification audit, and surveillance audit.
- Prepares timely initial responses to Firm clients' due diligence questionnaires and audit requests; tracks deadlines and potential client findings.
- Collaborates with IT teams to ensure timely remediation of audit findings from external and internal audit/assessments.
- Manages the Firm's information security awareness training program, including but not limited to conducting in–person training and phishing simulation tests.
- Manages and reports on the firm's IT risk assessment findings and remediation progress.
- Performs regular security review activities, including but not limited to user account recertification and vendor security recertification.
- Assists in the development, implementation, and day–to–day maintenance of information security controls.
- Performs periodic vulnerability scans and runs related tools to identify systems configuration errors, software in need of fixes and patches, and other security-related issues.
- Interprets information security policies, standards, and other requirements and assists with the implementation of these policies, standards, and requirements.
- Serves as an active member of the Information Security Team and participates in security operational tasks, including but not limited to: security monitoring, threat response, helpdesk ticket response, and incident response.
- Bachelor's degree in Information Technology or a related field, or an equivalent combination of education, training, and experience. A professional project management certification (e.g. PMI's PMP) is a plus.
- Holds, or is progressively working toward, at least one information security certification (CISM, CompTIA Security+, CISA, CRISC).
- 5 years of experience in systems, network, and/or security administration with a track record of success.
- Familiarity with information security tools such as access control systems, patching systems, antivirus systems, firewalls, and vulnerability management tools.
- Familiarity with and exposure to other compliance and regulatory standards (e.g. FedRAMP, ITAR, GDPR, HIPAA, ISO 27001, PCI DSS, SOX) a plus.