Information Security Audit Analyst - Blend San Francisco, California, United States

Listing Description

The Information Security Audit Analyst is responsible for supporting the completion of information security audits by external and internal auditors. The Analyst will gather evidence and artifacts to accompany them using existing documentation or acquiring samples from internal departments. This position will ensure successful delivery of audits to support all Blend lines of business. It requires a strong understanding of the following facets: vendor management, information security, IT infrastructure, human resources, and compliance, as well as industry and audit frameworks and benchmarks.


How you'll contribute: 



  • Assist with the coordination of audit and request for proposal questionnaires.

  • Identify risks and escalate to management.

  • Provide support for client RFPs and annual due diligence audits.

  • Identify, research, and report process improvement strategies.

  • Ensure the confidentiality, integrity, and availability of Blend documentation and artifacts.

  • Report on metrics to gauge audit response effectiveness.

  • Participate in the measurement and reporting of compliance activities with approved policies and standards to management.

  • Support gap remediation efforts as directed by leadership.

  • Participate in the gathering of audit metrics on a monthly, quarterly, and yearly basis.

  • Support audit platform implementations & promote policy enforcement throughout Blend.

  • Participate in the testing of solutions and reporting observations to management.

  • Maintain a balanced knowledge base of industry practices and regulatory requirements as well as technology-based solutions.


Who you are: 



  • 2 years of experience working effectively with and independently across functional areas within Information Security, Legal, Compliance, ERM, sales and account management, and EPD.

  • Bachelor's degree in Information Security, Computer Science, or related discipline or equivalent experience.

  • Experience managing projects and initiatives.

  • Experience with auditing standards and hands-on audit of controls.

  • Working knowledge of Policies, Standards, and Procedures.

  • Excellent written and verbal communications.

  • Ability to manage multiple, changing, complex priorities.

  • Working knowledge of the following areas: information security, system administration, IT support, compliance, audit, risk management, and change management.

  • Working knowledge of operational, security, and infrastructure controls (networks, server, and end-user computing devices) system administration, cryptographic management, quality control, regulatory monitoring, and business continuity planning and practices.

  • Familiarity with legal, regulatory, and industry requirements and frameworks, including, but not limited to, the following:





    • NIST 800-171 and NIST 800-53 

    • ISO 27001

    • SOC 2

    • SOX

    • PCI DSS

    • GLBA

    • CCPA/CPRA

    • NY DFS



  • Working knowledge of internal and external audits, penetration testing, and certification and communicating results to technical and non-technical audiences.

  • Working knowledge of processes and technologies that support including, but not limited to:

    • Authentication and authorization

    • Servers and Networking

    • Database Management Systems

    • Web services

    • End-Point Security

    • Data Loss Prevention

    • Privacy

    • Human Resources

    • Regulatory reporting





  • Key skills include the following, as well as other competencies:

  • Analyze Problems and Make Decisions - Commit to a course of action after identifying and assessing alternatives based on logical assumptions, facts, resources, constraints and organizational values.

  • Build Credibility and Trust - Adhere to Blend values and high ethical standards of behavior by demonstrating respect, honesty, consistency and fairness when interacting with colleagues, customers, business partners and other stakeholders.

  • Collaborate with Others - Work effectively with others both within and across Blend business lines, establishing and maintaining productive working relationships.

  • Deliver Results - Tenaciously work to meet or exceed expectations by keeping self and others focused on achieving critical goals.

  • Professional/Technical Expertise – Knowledge of technology platforms; ability to relate business requirements and risks to implementation of systems and processes.


Bonus Points:



  • Active security/compliance certification desired or willingness to obtain - CISSP, CCSP, SSCP, CySA, ECSA


 


Benefits and Perks: 



  • Meaningful equity and a 401(k) plan

  • Comprehensive health benefits

  • Wellness benefits covering a variety of wellness activities, gym memberships, fitness classes and more

  • 16 weeks of paid parental leave

  • Generous vacation policy

  • Work from home office set up stipend and internet stipend during COVID-19



 


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


