Information Security Audit Manager - Remote

Overview:

The Information Security (IS) Audit Manager is assigned to the Information Security Team at CIS. Reporting to the Director of Information Security Governance, Risk, and Compliance (GRC), the Information Security Audit Manager will collaborate with other cybersecurity team members to promote the CIS mission and help support our growth. The primary purpose of this position is to evaluate and manage the control implementation within the organization and measure compliance to internal standards and best practices.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. We are a community-driven nonprofit responsible for industry leading best practices for securing IT systems and data. We lead a global community of IT professionals to continuously evolve these standards and provide products and services to proactively safeguard against emerging threats.

• Base salary is determined on a number of factors including, but not limited to, education, experience and skills
• Health (PPO, EPO, HSA), Dental & Vision Insurance eligibility starting from the first day of hire
• $500 wellness card for Health Coverage Participants
• 401(k) with 4% Company Match, vested from the first day of hire
• Flexible Spending Account (FSA) & Dependent Care Account (DCA)
• Life Insurance
• Bonding Leave
• Paid Volunteering Program
• Bonus eligibility
• Paid Time Off (PTO) inclusive of vacation, personal and sick time
• Paid Holidays
• Wellness Program
• Employee Engagement Activities
• Professional Development Opportunities
• Tuition Reimbursement
• Student Loan PayDown Program
• Employee Referral program
• Employee Assistance Program

• Manage and build a compliance framework working with all business units to create a SOC2 and ISO 27000 compliant infrastructure
• Manage the day-to-day operations of the Information Security Audit team
• Lead the control implementation strategy and auditing functions of various controls based on the established CIS control framework
• Coordinate development of the corporate privacy policy and the implementation of privacy-based controls required for global privacy compliance and ISO27701 certification
• Implement a risk-based monitoring approach that helps define risk mitigation strategies, and aligns to implemented control effectiveness
• Monitor the audit team’s performance and tasking including internal account assessment and review remediation activities for exceptions or areas of improvement
• Provide input into new strategies, technologies, and projects within the organization to assure ‘privacy by design’ and adherence to control requirements
• Other tasks and responsibilities as assigned

• Bachelor’s degree in Computer Science, Cybersecurity, IT Compliance, or a related field*
• 5+ years’ experience in IT auditing, security operations, or related position
• 3+ years’ experience leading, supervising, coaching, and providing strategic direction to teams and/or individuals
• Demonstrated experience with the CIS control and compliance evaluations requirements, examples would include ISO27001, SOC2, NIST 800-171, etc.
• Demonstrated knowledge and application of the CIS Controls
• Experience with training end users, system administrator’s, peers, and executives in regards to controls, compliance, and cybersecurity best practices
• Must be authorized to work in the United States

It's a plus if you have:

• Experience in the not-for-profit environment
• Master degree in Computer Science, Cybersecurity, or IT Compliance
• Contributed or developed information technology policies, standards, and procedures
• CISA certification, CIPP certification
• COBIT5, NIST Cybersecurity Framework or other related frameworks for implementing cybersecurity control

*Additional years of relevant experience or a combination of an Associate’s degree or equivalent and relevant experience may be substituted for the Bachelor’s degree.

At CIS, we are committed to providing an inclusive environment in which the diverse backgrounds, experiences, and views of our employees, members, and customers are valued and respected. It is through this commitment that we are able to work together towards our common mission: to make the connected world a safer place.