Senior Analyst, IT Corporate Audit - Cybersecurity

A Brief Overview

Cybersecurity Senior Analyst is a key member of the Internal Audit team responsible for executing cybersecurity audits across the organization’s technology environment. The role performs detailed testing of security controls and information systems to evaluate the design and operating effectiveness of cybersecurity defenses and support the overall assessment of the organization’s control framework.

• Independently execute cybersecurity audit testing, including performing detailed test procedures, evaluating control design and operating effectiveness, and documenting results in accordance with audit standards and methodology.
• Own assigned audit areas end-to-end, including walkthroughs, evidence collection, validation, and workpaper documentation, ensuring accuracy, completeness, and audit defensibility.
• Perform testing procedures to assess key cybersecurity domains, including cloud security (Azure & GCP), network security, data protection, application security, and third-party/vendor risk management.
• Identify control gaps, document exceptions, and contribute to the development of audit findings and recommendations.
• Apply risk-based thinking when evaluating issues, including consideration of mitigating and compensating controls.

• Collaborate with Audit Managers and team members to support audit execution, validate control effectiveness, and ensure timely completion of deliverables.
• Partner with IT, compliance, and business stakeholders to understand processes, obtain evidence, and validate remediation activities.
• Build and maintain effective working relationships across technology teams.

• Leverage data analytics and emerging technologies (e.g., AI tools) to enhance audit testing procedures, coverage, and efficiency.
• Contribute to continuous improvement of audit methodologies, tools, and testing approaches.

• Develop clear, concise, and well-supported work papers and documentation.
• Effectively communicate audit results, issues, and risks to audit team members and management.

• Stay current on cybersecurity risks, trends, tools, and techniques and apply insights to audit testing and risk identification.
• Support knowledge sharing and training efforts within Internal Audit to enhance cybersecurity awareness and capabilities.

• 3+ years of experience in information security, risk, or compliance, with a focus on cybersecurity controls.
• At least one relevant cybersecurity certification (e.g., CISSP, CISM, or equivalent)

• Experience in a large, complex environment (e.g., healthcare, insurance, or retail).
• Demonstrated ability to independently execute moderately complex audit or control testing areas.
• Working knowledge of regulatory and industry frameworks (e.g., HIPAA, ISO, PCI DSS, NY DFS, NAIC, SOX, HITRUST).
• Familiarity with cybersecurity domains such as cloud security, vulnerability management, ransomware, and security testing tools.
• Proven ability to collaborate across teams and build strong stakeholder relationships.
• Strong analytical, problem-solving, and critical thinking skills.
• Effective written and verbal communication skills.

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field preferred or equivalent experience (High School Diploma + 4 years of relevant experience).

40

Full time

$79,310 - $158,620

We take pride in offering a comprehensive and competitive mix of pay and benefits that reflects our commitment to our colleagues and their families. The benefits for this position include medical, dental, and vision coverage, paid time off, retirement savings options, wellness programs, and other resources, based on eligibility.

Qualified applicants with arrest or conviction records will be considered for employment in accordance with all federal, state and local laws.