Position Available
Information Security Auditor
Posted Date
6/10/2024
Bank Name
Resource Bank
Position Description
Position Summary: This position reports to the Internal Audit Manager and is responsible for reviewing and auditing the effectiveness and compliance of the Bank’s information security measures to include: assessing and evaluating security controls, identifying vulnerabilities, and recommending improvements to protect sensitive data and mitigate risks. This position will also conduct audits and assessments, and assist with identifying and addressing security gaps, maintaining regulatory compliance, and safeguarding against cyber threats. The Information Security Auditor/Officer is independent of the IT function, and will have no IT production responsibilities. The ISO/Auditor must have sufficient operational and technical knowledge, background and training to enable them to perform their assigned tasks.

Essential Functions:
Reviewing and evaluating the Bank’s information security policies and procedures for adequacy and effectiveness of the policies with industry best practices and regulatory requirements.
Planning and evaluating audit activities, including defining scope, developing audit plans, conducting interviews and assessments, collecting evidence to support findings and conducting continuous monitoring over the information security program.
Documenting and communicating audit findings, observations, and recommendations to management and committees.
Monitoring risks and tracking mitigation, and reporting significant security events to the board, committees and executive management, as appropriate.
Informing the Board, committee(s), and executive management of cybersecurity risks and role of bank personnel in protecting information.
Collaborate with IT teams, management, Board, and Committee members to provide guidance on security best practices, risk mitigation strategies, and compliance requirements. Auditor/Officer may recommend working collaboratively with teams to implement corrective actions and enhance the Bank’s security posture.
Engaging with management to understand new initiatives, providing information on the inherent security risks and outlining ways to mitigate the risks.
Staying up to date with emerging security threats, technologies, and industry best practices.
Working with management to understand information flow, risks associated with information flow, and best ways to protect information.
Participates in relevant training in an effort to monitor, share, and discuss threats. Attends conferences and participates in training programs.
Assist the Internal Audit Manager with execution of other audit fieldwork, written reports of internal audit reviews given to the Board of Directors, including findings, analyses, conclusions and recommended actions.
Assist with the execution and completion of all special projects assigned; and, all other duties assigned.

Skills and Abilities:
Time Management - Managing one's own time.
Critical Thinking - Using logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions or approaches to problems.
Reading Comprehension - Understanding written sentences and paragraphs in work related documents.
Active Listening - Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
Speaking - Talking to others to convey information effectively.
Writing - Communicating effectively in writing as appropriate for the needs of the audience.
Mathematics - Using mathematics to solve problems.

Competencies:
Problem Sensitivity - The ability to tell when something is wrong or is likely to go wrong. It does not involve solving the problem, only recognizing there is a problem.
Oral Comprehension - The ability to listen to and understand information and ideas presented through spoken words and sentences.
Written Comprehension - The ability to read and understand information and ideas presented in writing.
Oral Expression - The ability to communicate information and ideas in speaking so others will understand.
Deductive Reasoning - The ability to apply general rules to specific problems to produce answers that make sense.
Inductive Reasoning - The ability to combine pieces of information to form general rules or conclusions (includes finding a relationship among seemingly unrelated events).
Knowledge - The ability to be proficient in the application of internal auditing theory, standards, procedures and techniques.

Working Conditions: The work for this position is conducted in an office environment and the requirement for travel is limited. Travel will be required to drive to each bank facility as needed for audits. This position may require some extended hours as workload and deadlines dictate.

Education and Experience: Candidate must have one of the following IT Certifications - CISSP, CISM, CRISC, or CISA or in the process of obtaining one of these certifications. Must have a minimum of five years information security/technology/audit experience.

Resource Bank strives to be the employer of choice - EEO\Minority\Female\Vets\Disabled
Expiration Date
8/10/2024
How to Apply
Apply online.
Contact Information
Contact Email