SOCAudit Security Analyst

Overview

The SOC2 Audit Security Analyst will be responsible for managing the planning, scheduling, evidence collection and evaluation, documentation, and delivery, of required audit materials to third-party vendor auditors. They will support with the auditors the production of the final SOC2 Type II reports, which include HIPAA controls. This individual’s focus will be assisting in receiving favorable final SOC2 Type II reports within established timelines, while acting as a liaison between Subject Matter Experts, Application/System Owners, and the external vendor auditor.

This individual will have proven competencies and exposure within Information Technology and/or Auditing domains. This individual will work in a coordinated team environment and will need logical data and information analysis and evaluation skills and the ability to communicate requirements clearly to stakeholders.

• Act as an audit focal point, delivering a disciplined approach to preparing, requesting, tracking, and reviewing audit documentation to meet controls.
• Organize, review, and evaluate controls and evidence and provide guidance and feedback to stakeholders from all areas of the company to respond to the controls.
• Ability to understand, revise, and communicate control objectives and identify where there may be gaps in process, procedures, and/or policy to meet those controls. Assign and track appropriate remediation.
• Understand operations and technical environments, with an emphasis on process, procedure, and policy.
• Ability to develop and promote strong long-term partnerships with Subject Matter Experts, Application/System Owners, and external vendor auditors.
• Develop, maintain, and follow a schedule to ensure audit deliverables are obtained as required to meet audit deadlines.
• Engage with all areas, including technical and non-technical stakeholders to assign work deliverables, and provide rigorous consistent follow-up on the status of the deliverables required.
• Proactively identify and manage risks or issues that require escalation to keep deadlines on track.
• Ability to critically evaluate controls and output provided to ensure the spirit of and evidence requirements for the controls are met.
• Manage and adjust/reprioritize workload to meet audit deadlines.
• Prepare weekly team status reports for leadership.
• Supervise and mentor other SOC2 Type II Audit Associates and stakeholders to ensure audit objectives are met and to assist with audit knowledge transfer.

• Bachelor’s degree in accounting information systems, Business Management Information Systems (MIS), Information Security and Assurance, Risk Management, or related major. Four years of Governance, Risk, Compliance or Audit experience can be substituted.
• Knowledge of audit concepts, control environment review, evaluation techniques, and general business acumen.
• A broad-based understanding of audit management practices and experience supporting audits through to conclusion.
• Direct experience with SOC2, SOC1, ITGC, or other related audits preferred.
• Ability to manage comprehensive audit control sets, define, document, and effectively collect and organize large amounts of data to address evidence requirements, and clearly communicate the output to auditors.
• Requires detail oriented, analytical ability, consultative skills, critical thinking, and the ability to work effectively in a cross-functional, multi-disciplinary, team environment.
• Ability to understand, develop expertise, and adjust quickly to new technologies, industry, and organizational changes, and to modify associated audit requirements and documentation accordingly.
• Takes initiative and possesses the confidence to identify attestation examination issues and propose a solution to add value, not just check the box.
• Strong project coordination ability, with proven success in driving deliverables with varied organizations for on time, on budget and in scope delivery.