Information Security Auditor III Job at R3 LLC, Frederick, MD

  • R3 LLC
  • Frederick, MD

Job Description

At R3, we are committed to providing our clients with best-in-class solutions for all of their IT needs. We are relentless in our pursuit of excellence and dedicated to providing our clients with unsurpassed quality, service, and value day in and day out. As we continue to grow and innovate, we are seeking passionate and dedicated individuals to join our team. If you're ready to join our mission of setting the standard for IT excellence, we are seeking an energetic, self-motivated Information Security Auditor III (Senior), IT Risk and Compliance with experience leveraging industry standards to perform internal audits for R3 and their clients.

As a member of the Quality & Compliance (Q&C) team, you will focus on audits of critical technology functions including cloud-based technology implementations, security controls, and cybersecurity risks. This position requires an individual who can liaise with key stakeholders at all levels, as well as critical functional teams such as IT, Cybersecurity, HR, Finance, Sales, Legal, Contracts, supply chain, and others to identify and manage information security standards and best practices that govern cybersecurity for any given client.

Responsibilities:

  • Execute major components of audits and security control assessments, including critical technology functions, cloud-based infrastructure, emerging technology, cybersecurity, risk management, application, and third-party management, as well as lead small to medium size audits.
  • Perform assessments of IT controls using industry-standard guidance and leading best practices such as NIST 800-171, CMMC, FedRAMP, ISO/IEC 27001, FISMA, etc.
  • Schedule and conduct interviews and discussions with a variety of stakeholders, including IT and Cybersecurity technical engineers and administrators, and other key functional team members.
  • Identify, gather, review, and analyze documents and artifacts to assist in IT controls testing such as system security plans, SOPs, audit logs, configuration scans, and vulnerability scans.
  • Evaluate the implementation and effectiveness of IT controls using provided artifacts against federal requirements, industry guidance, and leading best practices.
  • Document the results of IT controls testing in a consistent and high-quality manner that would allow others to review and understand the results.
  • Establish and maintain good auditee relations during engagements. Communicate or assist in communicating the results of some audit projects to management via written reports and oral presentations.
  • Summarize and communicate IT controls assessment results to a variety of client stakeholders, including senior leadership.
  • Understand and analyze known IT control weaknesses, identify root causes, and develop detailed remediation plans.
  • Develop and maintain SSP and POAM documentation for in-scope environments, and applicable policies, processes, and procedures.
  • Provide subject matter expertise to internal and client personnel on a wide range of matters relating to IT security and assurance.
  • Work with technical teams and clients to remediate findings related to information systems, networks, and data, determining technical solutions and recommendations for implementation.
  • Perform risk assessments of business units and technology operations, design and execute audit procedures to verify the effectiveness of existing controls, identify and define issues, review and analyze evidence, and document auditee processes and procedures.
  • Review and provide feedback on audit workpapers to achieve clear, organized, and complete documentation to support work performed.
  • Coordinate with others and proactively take on additional work.
  • Deliver appropriate, succinct, and organized information, tailoring communication style to audience.
  • Manage assessments independently on time, within budget.
  • Effectively communicate information, issues, and audit progress to teammates and clients.
  • Perform various aspects of engagement administration, including hours and budget tracking.
  • Provide periodic on-the-job coaching and direct supervision over less experienced associates.

Ideal Teammate:

  • You have a broad understanding of context and implications (e.g., financial, legal, reputational) of the various types of risk affecting the business and critical technology functions.
  • You are a critical thinker who seeks to understand the business and its control environment.
  • You believe insight and objectivity are core elements to providing assurance on the effectiveness and efficiency of R3's and clients' governance, risk management, and compliance processes.
  • You possess a relentless focus on quality and timeliness.
  • You adapt to change, embrace bold ideas, and are intellectually curious. You like to ask questions, test assumptions, and challenge conventional thinking.
  • You are a firm believer that a rich understanding of data, innovation, and technology will only make you a better auditor. This will require leveraging the power of data analytics and furthering your technical expertise.
  • You are a teacher. You do the right thing and lead by example. You have a passion for coaching and investing in the betterment of your team and clients.

Qualifications:

  • U.S. Citizen (Federal client requirement)
  • Bachelor's degree in Information Technology/Security, Computer Science, Information Systems Management, or related field, or the equivalent combination of training, certification, education, and experience.
  • Demonstrated ability and working knowledge of frameworks and standards such as NIST 800-171, NIST 800-53, FISMA, FedRAMP, and/or CMMC
  • 8+ years of demonstrated knowledge and experience in IT risk and controls through IT audits, IT controls assessments, IT security reviews, and information security audits (including areas such as application security, network security, cyber security, vulnerability management, third-party risk assessments, data protection, access management, etc.), or cloud computing controls (design, operation, risk management, auditing), or a combination
  • 5+ years of demonstrated experience with tools and technologies in support of performing assessments and audits
  • 3+ years of experience in managing audit engagements, project management, or a combination
  • Experience auditing cloud computing (Microsoft preferred) and controls
  • Demonstrated knowledge of traditional and emerging technology domains, including cybersecurity, cloud, infrastructure, networking, data management, integration strategies, IT operations, IT risk management, and IT governance

Preferred Qualifications:

  • CISSP, CISA, or CISM certification strongly preferred; other auditing and/or security certifications such as CCA, CCP, CIPP, CDPSE, CRISC, CGEIT, etc. desired
  • Familiarity with other compliance frameworks such as SOC 2, PCI-DSS, ISO/IEC 20000-1, ISO/IEC 27001, HIPAA, HITRUST, OMB Circular A-123, or similar internal control assessments

Why join our winning team?

  • Competitive wages to reflect your experience and skills.
  • Comprehensive medical, dental, and vision insurance plans to keep you and your family healthy.
  • 401(k) with company match to help you plan for the future.
  • Flexible time off policies to ensure you maintain a healthy work-life balance.
  • Opportunity to give back to our community with (paid) volunteer time off.
  • We offer many remote opportunities, allowing you to work wherever you want.
  • We are committed to creating a positive impact on society and contributing to a better world--we're involved in our community and encourage our employees to do the same.
  • We are reshaping the industry and the way it thinks about technology and service.
  • We strive to be better and encourage our employees to do the same by offering training incentives and bonuses to help you and your career grow.
  • The opportunity to be a part of an amazing team.

R3 is an equal opportunity employer. It has been and will continue to be a fundamental policy of R3 to not discriminate on the basis of race, color, religion, gender, gender identity, pregnancy, marital status, sexual orientation, age, national origin, alienage or citizenship status, veteran or military status, disability, medical condition, genetic information, or any other characteristic prohibited by federal, state, and/or local laws. This policy applies to all aspects of employment, including hiring, promotion, demotion, compensation, training, working conditions, transfer, job assignment, benefits, and termination.

Compensation details: 115000-150000 Yearly Salary

Job Tags

Local area, Flexible hours
