Risk & Compliance Auditor

Risk & Compliance Auditor

J. J. Keller is seeking a Risk & Compliance Auditor to help strengthen and maintain our internal control environment and compliance posture. In this role, you will support audits across multiple frameworks, including information security safeguards, ensure adherence to policies and procedures, and partner with stakeholders to drive continuous improvement. To maintain audit independence, this role operates separately from other business units, ensuring objective oversight and governance across the organization.

• Coordinates and conducts internal and external audits for SOC 2 Type II, ISO 27001, PCI-DSS, Professional Background Screening Association standards (FCRA) and other standards.
• Evaluates audit results, recommends improvements, and issues deficiency notices as needed.
• Evaluates, monitors and consults on resulting corrective action plans and remediation efforts.
• Coordinates and manages the completion of penetration tests with external consultants and internal resources, and the development, implementation, and monitoring of related corrective action plans, and distribution of resulting reports to interested parties.
• Reviews policies, guidance and training for information security, and provides consulting services promoting overall achievement of corporate security objectives and compliance with regulatory and customer requirements.
• Maintains security incident response plans and metrics.
• Leads evaluation of security incident reports, and execution of incident response efforts, including task management, resource coordination, after action reviews, and incident documentation.
• Participates in business continuity efforts by assisting with annual security incident tabletop exercises and generating a post-exercise review.
• Manages the Optro Governance, Risk & Compliance software platform, including creating audits, deploying audit questions, entering corrective actions, generating reports and monitoring completion status.
• Triages security policy exceptions.
• Evaluates and consults on the business risks and proposed compensating controls.
• Follows up on approved exceptions expiring.

• Education and Experience Requirements:
  
  Bachelor's degree in Business or related field required. Minimum of 3 years of related auditing experience required, including exposure to information security controls.
• Other Skills/
  
  Qualifications:
  
  Experience addressing security and compliance terms in commercial contracts. Experience with ISO 27001 and privacy frameworks, and auditing to those frameworks. Experience completing security questionnaires and evaluating vendors. Experience with Governance, Risk and Compliance tools. Strong interpersonal, written, and verbal communication and presentation skills. Strong analytical, problem-solving, and conflict management skills. A curious and practical mindset that can balance compliance with ethical and business needs.
  
  Ability to work cross-functionally, with many teams, including sales, infrastructure, security, and product teams. Ability to influence and lead business partners and supporting teams.