Cybersecurity Auditor | GRC | ISO & SOC or ITGC

This job is with Cornerstone OnDemand, an inclusive employer and a member of my Gwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly.

Cybersecurity Auditor | Pune, Mumbai or Hyderabad | ISO & SOC or ITGC | Hybrid

Position Summary:

The Global Governance, Risk and Assurance team is responsible for maintaining compliance with enterprisecybersecurity control frameworks, policies and procedures. The team is part ofthe global Cybersecurity Engineering and Assurance organization at Cornerstone On Demand .

The Cybersecurity Auditor is a critical role in supporting the overall strategy and vision of the Cybersecurity Engineering & Assurance team, and reports into the Associate Director of Cybersecurity& Assurance.

In this role, you will be responsible for performing internal audits, enabling cyber certifications and external audits, managing cyber risk and ensuring continued assurance withthe company's compliance frameworks.
In this role you will...
Perform cybersecurity audits and risk     assessments in all areas of the organization in line with the global     Internal Audit Program's objectives
Document audit procedures, recommend     remediation plans and liaise independently with stakeholders to validate     implementation
Work with functional owners to ensure control     objectives and activities meet compliance standards for effectiveness and assurance     evidence
Publish and present timely and high-quality audit     reports
Partner with leaders     across business functions such as Engineering,     Cloud Operations, Privacy, Product and Customer Success to implement effective cybersecurity controls
Identify emerging cybersecurity and information technology risks, evaluate internal controls to treat risks, and develop opportunities to continuously uplift control frameworks
Work with Cornerstone's external partners and     cross functional teams to schedule appropriate internal audit testing     and/or risk assessments.
Perform formal reviews of new technologies,     initiatives and strategic projects against the company's cybersecurity     requirements
Recommend updates to cybersecurity policies, standards     and operating procedures to address new industry practices, requirements     and regulations
Illustrate ownership and accountability and ensure     operational efficiency

Educational Background:
Degree in     Information Technology, Computer Science, Cybersecurity or related fields
CISA, CRISC, CISSP and/or ISO 27001 LA/LI desired

You'vegot what it takes if you have...

2y-4y total     years of experience in cybersecurity, compliance, IT audits and/or cyber risk     management
Hands-on     expertise in industry-standard cybersecurity assurance standards (e.g.,     SOC 2, ISO 27001, NIST, PCI DSS, SOX 404, etc.), trends and best practices
Experience in auditing general and automated controls, including but not limited to logical security, physical security, change and problem management, data backup, disaster recovery and incident management
Knowledge of security tools, technologies and control best practices for domains such as IAM, encryption, system hardening, anti-malware, data leakage prevention, NIDPS, network security and vulnerability management

Hands-on exposure to auditing and/or securing     leading cloud PaaS technologies platforms such as Amazon Web Services,     Google Cloud and Microsoft Azure
Proficient in Word, Excel, PowerPoint and other     Microsoft 365 tools
Mature data     analysis, documentation, articulation and presentation skills
Ability     to communicate effectively with stakeholders across global regions and     organizational levels
Ability to work autonomously with flexibility and excellent     judgment
Ability to work effectively under pressure to meet deadlines

Ability to solve problems quickly and automate processes
Ability to work cooperatively as part of a team
#LI-Hybrid

]]>