Information Security Auditor - #1276 - MeridianLink United States Bookmark Share Print 55 0 0

Listing Description

Information Security Auditor
Job Summary
MeridianLink is currently seeking an Information Security Auditor to help facilitate various security and compliance audits. The candidate must have the experience in documenting controls, gathering evidence, performing gap analysis, and driving remediation. The ideal candidate should be able to project manage multiple ongoing audits. Responsibilities will include performing audit facilitation with external auditors, remediating any issues found during audits, and supporting MeridianLink’s information security program. The position will develop, implement, and monitor controls to support security, compliance, and audit program requirements. Security and trust are the foundation of MeridianLink’s commitment to our customers, this individual will act as a trusted adviser to improve the overall security posture of MeridianLink.
RESPONSIBILITIES
· Participate in and facilitate audit testing for SOC 2, PCI DSS, and SOX compliance.
Develop, implement, and monitor controls and assist with remediation guidance.
Assist and lead audits of cloud environments, information systems, and security tools to ensure adherence to applicable frameworks, laws, and regulations.
· Support comprehensive assessments of the management, operational, and technical security controls deployed within MeridianLink’s environments to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements).
· Guide stakeholders on securing systems and liaise with auditors and compliance teams to ensure compensating controls are appropriately considered and implemented
· Research best practices, developments, techniques, and trends in information security relating to audits and compliance.
· Ensure execution of required testing and remediation activities leading to successful security audits/certification(s)
· Provide guidance on improving security compliance related processes and/or procedures and partner with stakeholders to implement solutions
· Ensures alignment with internal policies and external regulatory requirements, and continuously identifies process enhancements in program execution
· Identifies weaknesses in internal controls and opportunities to enhance operational efficiencies.
· Stay current on changing regulatory requirements and industry frameworks such as ISO, NIST, SOX and recommend changes as necessary.
QUALIFICATIONS
· Bachelor's degree and 4+ years of experience or experience equivalent
· 3+ years of experience working in an external/internal audit role managing and leading AICPA SOC 2, PCI DSS, and SOX audits
· A minimum of 1-3 years of experience in any of the following areas: Information Technology General Controls (ITGC) experience, internal/external IT audit function, information security compliance and assurance, or IT risk management preferred.
· Possess or working towards professional security certifications such as CISA, CISSP, CRISC, CCSP, CISM, GIAC, QSA or similar strongly preferred
· Knowledge of industry frameworks and standards such as ISO/IEC 27001:2013, PCI DSS, NIST CSF, and NIST 800-53
· Experience implementing and/or assessing IT security controls required to meet security, compliance, and audit requirements
Demonstrated expertise of building a consensus across business partners and technology leaders, and influencing successful outcomes
Strong project management and communication skills, including the ability to gather relevant data and information, work in a team environment, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict
Assist with assessing controls within multi-cloud environments and the ability to effectively communicate results to key stakeholders.
Assist with assessment engagements that focus on review, design and/or implementation of infrastructure/platform/software security controls.
Assist with identifying and communicating control gaps and process inefficiencies to key stakeholders.
Assist with documenting control objectives and procedures in areas such as cyber security, cloud security, governance and compliance, DevSecOps, data security and protection, incident response, enterprise security architecture, and technology risk management
· Strong business and technical aptitude and problem-solving skills
· Enthusiasm to learn through a combination of structured, on-the-job and self-directed training
Ability to communicate security-related concepts to a broad range of technical and non-technical staff.

OUR CULTURE
Our low turnover is a testament to our wonderful culture where people value the work they do and appreciate each other for their contributions. MeridianLink develops our employees so they can grow professionally by preferring to promote from within. We have an open door policy with direct access to executives; we want to hear your ideas and what you think. Our company believes that to be productive in the long term, we must have a genuine work-life balance. We understand that employees have families and full lives outside of the office. To that end, we honor their personal commitments.
MeridianLink is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, color, sex, age, national origin, disability, or any other characteristic protected by applicable law.
MeridianLink runs a comprehensive background check, credit check and drug test as part of our offer process.
BENEFITS & PERKS
Competitive compensation
Remote first organization with flexible schedule
401(k) w/ matching
Excellent Benefits: Health, vision, and dental insurance
Health savings account and flexible spending account
Parental leave
Paid time off

MeridianLink has a wonderful culture where people value the work they do and appreciate each other for their contributions. We develop our employees so they can grow professionally by preferring to promote from within. We have an open door policy with direct access to executives; we want to hear your ideas and what you think. Our company believes that to be productive in the long term, we must have a genuine work-life balance. We understand that employees have families and full lives outside of the office. To that end, we honor their personal commitments.

MeridianLink is an Equal Opportunity Employer. We do not discriminate on the basis of race, religion, color, sex, age, national origin, disability or any other characteristic protected by applicable law.  
 
MeridianLink runs a comprehensive background check, credit check and drug test as part of our offer process.
#LI-REMOTE


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided



About Us

NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

Our Contacts

1765 Greensboro Station Pl.
Suite 900
Tysons Corner Va 22102

(703) 594-7765