We are anticipating the need to hire a Site Security Auditor in the near future.
The Site Security Auditor at ISE will assist in the growth of our media and entertainment vendor audit program. Our ideal candidate for the Site Security Auditor must have hands-on technical expertise with GRC tools, intrusion prevention & detection and direct experience with security audits.
What you’ll do at ISE:
Perform site assessments of services facilities, which conduct workflows at physical premises, including commercial and residential scenarios.
Drive client security through knowledge of security protocols and demonstrating responsible cybersecurity practices, including risk management, control implementation, ISMS implementation, and business continuity management, among other topics, to build a stronger overall security posture.
Conduct meetings with clients and clients’ vendors’ employees, while addressing the vendors’ security policies, workflow, physical, and digital security parameters.
Create audit plans to test key controls and verify compliance. Assess the severity of identified weakness and the impact of the risk involved.
Identify security gaps based on Motion Pictures Association (MPA) Best Practices and other best practice and standard bodies, understand any underlining causes or related impact, and how to address them.
Document and present audit findings, observations, and conclusions to internal and external stakeholders.
Evaluate and develop recommendations to ensure vendors compliance with industry best practices.
Collaborate with leadership to develop adjustments to existing policies and practices in order to address gaps within business processes and within the audit process.
Ensure completion of the project within the agreed-upon level of effort and time frame.
Must Haves:
One year of experience within the last four years in Media & Entertainment industry audit experience.
Knowledge of security audit frameworks, practices, tools, and techniques.
Auditors should possess analytical and technical knowledge together with interviewing, interpersonal and presentation skills.
Experience with Motion Picture Associaton (MPA) Best Practices and how they are integrated in vendor locations.
Minimum of two years of experience conducting IT audits covering Content Security, Cyber Security, Information Security, and/or Information Systems.
At least one active information security, cybersecurity, and/or IT audit certification below.
CompTIA
Security+
CASP+
PenTest+
EC-Council
CEH
GIAC
GSEC
GISF
GWAPT
GISP
ISACA
CISA
CISM
CRISC
CGEIT
CDPSE
CSX-P
ISC2
CISSP
PECB
ISO 27001 Certified Auditor
What you bring to the table:
Experience reading and illustrating architecture and network diagrams.
Understanding of the principals of information security policies, business continuity plans, and industry control requirements as they pertain to the security of the content.
Ability to identify gaps and develop recommendations around operations, policy management, and physical and digital security.
Knowledge of compensating controls or alternatives due to restraints such a budget, employment, nature of content, etc.
Strong writing, communication, logistics/time management, professionalism.
Ability to travel internationally.
Salary:
Associate to Mid Level: $70K-$90K
Senior Level: $90K-$110K
If you don't meet all the criteria above but are still interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.
What we bring to the table:
Work that matters; projects that impact people’s everyday life and wellbeing
Quality, integrity, dedication, and education: our core values.
Life balance: flexible schedule and unlimited vacation
Work from home option
$0 health premium plan option, including spouse and family.
Opportunities to research and publish, speak at major security events and conferences.
Leadership and peers that support and mentor you: your growth is our growth, your success is our success.
Relaxed and fun environment: ditch the suit and tie, sit or stand at your desk or find a sofa.
How you’ll learn at ISE:
Everyone has a mentor, or two or three sometimes. We hold you and ourselves accountable for your advancement. You’ll learn directly from your mentor, your colleagues, resources vetted by the team, and at regular firetalk lunches by your peers. You also have access to paid training, workshops, university courses, certification courses, and we’ll pay for the certs too. Want to learn a new skill that you aren’t currently using but want to? Great! Innovation is key–new technology is important.
About ISE:
ISE is an independent security consulting and software firm headquartered in Baltimore, Maryland dedicated to securing high value assets for global enterprises and performing groundbreaking security research. Using an adversary-centric perspective driven by our elite team of analysts and developers, we improve our clients’ overall security posture, protect digital assets, harden existing technologies, secure infrastructures, and work with development teams to ensure product security prior to deployment. Our team enjoys working in a creative, educational, and comfortable environment where they can thrive professionally.
Building a Better Community:
We value different viewpoints and fresh perspectives. We embrace people who challenge our thinking and question the status quo. We are opposed to narrow minded, exclusionary, and discriminatory viewpoints or practices that inherently undermine our creative process, hinder growth, and impede innovation.
Need more info?
Be sure you spend some time at www.ise.io. Make sure you look through all the perks on the Careers page, then check out our Research and Blog, our events page for the IoT Village, and About page. Follow us on Twitter @ISEsecurity and @IoTvillage
Thermo Fisher Scientific
Mazars
Mazars
Mazars
Mazars