Security Auditor Job Description
Security auditor
provides subject matter expertise related to ISO27001, PCI DSS, SOC 1, SOC 2, and other information security regulations.
Security Auditor Duties & Responsibilities
To write an effective security auditor job description, begin by listing detailed duties, responsibilities and expectations. We have included security auditor job description templates that you can modify and use.
Sample responsibilities for this position include:
Remain current with PCI DSS and new information from the PCI SSC and card brands, all IT Security and Cybersecurity best practices
Coordinating the PCI annual assessment with the QSA and internal stakeholders
Identifying technology and control risks within each PCI area
Providing technical consultation on PCI related technical controls
Working with the Motion Picture Association of America (MPAA) and other member studios to address content security matters on an industry level
Assisting with pre-retail leak research to determine the source of home entertainment piracy
Working with the Motion Picture Association of America and other member studios to address content security matters on an industry level
Participating in special audits or project reviews
Develop andmaintain security related control, process flow and narrative documentation
Leverage priorexperience to provide project teams guidance on effective role-based applicationsecurity design as part of the implementation of ‘in-scope’ SOX applications
Security Auditor Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Security Auditor
List any licenses or certifications required by the position: CISA, CISSP, CISM, CIA, ISACA, CRISC, QSA, PCI, ISO, GIAC
Education for Security Auditor
Typically a job would require a certain level of education.
Employers hiring for the security auditor job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Systems, Technical, Education, Business, Information Technology, Accounting, Information Security, Finance, Engineering
Skills for Security Auditor
Desired skills for security auditor include:
HIPAA
Basic Networking
HTTP and HTML
SOC 2
TCP/IP
Vulnerability handling and validation
Change management
Operating systems
PCI
PCI-DSS
Desired experience for security auditor includes:
Create, directand/or perform the preparation and execution of security related IT controltests including IT Segregation of Duties reviews
Partner withall levels of IT management to ensure that SOX Testing is conducted in acooperative, timely and efficient manner with value added reporting and costeffective recommendations being provided to management to strengthen controls
Routinelysummarize and communicate to effected ITmanagement and control owners, controlweaknesses identified during testing and share any insight into operations orsuggestions for corrective actions and improvements that will drive increased efficiency while mitigatinginternal controls business risks
Monitorsecurity remediation plan execution through ‘deficiency closed’ phase
Performcustomary administrative tasks and responsibilities
Five or moreyears of experience with internal controls evaluation, COSO, COBIT, ITIL,ITGCC, and SOX 404 requirements including all phases of planning, evaluation,documentation, testing and remediation
Security Auditor Examples
1
Security Auditor Job Description
Job Description Example
Our innovative and growing company is hiring for a security auditor. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for security auditor
- Planning, coordination and execution of risk based audit, reviewing the adequateness and effectiveness of internal controls within the DB Technology and supporting organizations
- Support of global and regional audit teams executing audits and with adequate familiarization also independently coordinating and leading audits
- Engaging in and maintaining constructive relations to management in covered areas and to stakeholders, effectively establishing a relationship management role
- Coordinated and constructive collaboration with Principle Audit Managers and auditors within the Global Group Audit organization
- Consolidating and documenting audit results of regional and global audits into an audit report to be reviewed by the responsible PAM
- Review, tracking and validation of open audit issues closure requests
- Comply with the Group Audit Methodology and be a natural role model and reference point for peer group
- Core objective is the identification and classification of so far unknown risks, to be communicated to the responsible management and to support impacted areas implementing risk remediation in an advisory capacity
- Able to work in a coordinated manner with fellow Principal Auditors, both locally and globally, building contacts and relationships with clients and colleagues through effective teamwork and innovative thinking
- Have an innovative mindset and be able to develop ideas which are implemented and have a positive impact
Qualifications for security auditor
- Experience with large and complex financial institutions or another highly-regulated industry
- Seven or moreyears of technology and audit experience (general technology controls,application, and pre-implementation system development reviews) within a publicaccounting, and/or internal audit function
- OOracle Database and Security Administration
- Good working knowledge of the UNIX/Linux/Windows systems and security administration, Active Directory, QUEST Active Roles Server, Roles Based Access Controls, Privileged access management tools
- A clear understanding of differences between independent oversight, supervision and execution responsibilities
- Experience in IT Audit and control concepts of Pre- and Post implementation audits
2
Security Auditor Job Description
Job Description Example
Our growing company is hiring for a security auditor. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for security auditor
- Fundamental understanding of regulatory requirements for financial institutions
- Bachelors Degree in Computer Science or a related scientific degree
- CISA, CISM, CSSIP, Security+, CEH or equivalent qualification preferred
- Working closely with control owners to identify solutions and close issues
- Review and analyze technical documents including
- Promote a risk-conscientious environment
- Primarily focused on Cyber Security (cyber risk, hacking etc) Product Security, and pre-implementation project execution
- Rotational strategy – after you have had a few years to get to know the business and the areas that align to your aspirations, we encourage and help you transition
- Work/life balance – work hard, play hard (far better balance than most Public IT Audit roles)
- Minimal travel – IT and audit functions most of the finance groups are based in Milwaukee
Qualifications for security auditor
- Big 4 Audit or I.T
- Extensive experience in IT Security and audit
- On-site assessments
- External vulnerability assessments and reporting
- Internal vulnerability assessments and reporting
- Social Engineering Testing
3
Security Auditor Job Description
Job Description Example
Our growing company is looking to fill the role of security auditor. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security auditor
- The Information Technology Auditor IV shall be responsible the timely execution of risk-based information Systems audits in accordance with the annual audit plan
- As a member of the IT Controls and Assurance team, execute audits as per the annual plan
- Develop a strong working relationship with various stakeholders (both Internal and External) to help execute a successful audit program
- Add ‘value’ to the organization by advising management on ways to improve effectiveness and efficiency of controls
- Provide timely updates to management on the progress of audits and escalate any issues as appropriate
- Engage with independent auditors, certification bodies
- You give recommendations to strengthen IT environments against such breaches
- Create and maintain information system security documentation, Standard Operating Procedures (SOP), checklists, and Plans of Action and Milestones (POA&M)
- Conduct periodic and continuous monitoring of the system, procedures, and documentation to ensure compliance with the authorization package
- Conduct daily, weekly and monthly review and management of the audit collection system
Qualifications for security auditor
- Strong preference for CISSP, CISA certifications
- Must have the ability to interact with a broad range of people at all levels across multiple divisions, in particular, personnel from Creative, Production, Post-Production and
- 3 years of experience in Information Technology Audit, Information Security and /or other relevant experience
- Experience identifying information technology risks, testing network and application security, and providing management with information and recommendations
- Working knowledge of industry information security, information technology, information systems standards
- Understanding of Identity and Access Management technologies and methodologies across multilayer and multi-technology networks, system, application and databases
4
Security Auditor Job Description
Job Description Example
Our company is looking for a security auditor. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for security auditor
- Monitor and assist with security infractions and assist in security investigations and responses as requested
- Communicate well, both written and verbal
- Support the implementation of the Group Audit risk-based methodology including
- Strictly adheres to and enforces system security policies and follows all company standards
- Supporting the implementation of the Group Audit risk-based methodology including
- Assists with monthly, quarterly, and annual regulatory audits and follow-up as necessary to ensure completion
- Perform systems and application security access reviews
- Acts as a liaison between the client’s internal/external auditors and Dell internal teams to ensure all auditor requests are completed accurately and in a timely manner
- Lead assigned IT audit projects to achieve department guidelines and within established timetables with high quality results
- Identifies risks and controls within applications and systems that supports key business processes and performs an assessment to determine audit scope
Qualifications for security auditor
- CISA certification is mandatory
- Degree in Environmental Engineering, Management Engineering or comparable education
- Minimum of 2-year experience in social, environmental and security audit within structured companies or auditing firms
- Good Knowledge of Italian and European applicable legislation and SA8000 international standard
- Understanding of supply chain processes would be a plus
- Fluency in Italian and English (read, written, spoken)
5
Security Auditor Job Description
Job Description Example
Our growing company is hiring for a security auditor. We appreciate you taking the time to review the list of qualifications and to apply for the position. If you don’t fill all of the qualifications, you may still be considered depending on your level of experience.
Responsibilities for security auditor
- Conducting Privacy Impact Assessments (PIA)s of all Major, Minor and GSS systems
- Obtaining security authorizations for systems by conducting security audits of the network and devices for Federal Information Security Management (FISMA)
- Ensuring information systems maintain appropriate operational security posture consistent with FISMA and working in close collaboration with information system owners
- Serving as an advisor on matters involving the security of information systems, and providing security training
- Developing and ensuring compliance with security policies, standards, and procedures
- Monitoring information systems and operational environments
- Developing and updating security plans/requirements
- Managing and controlling changes to systems, and assessing security impact
- Ensuring information system owners integrate and implement security requirements into the design, development, and configuration of information systems
- Completing all work assignments on a timely basis
Qualifications for security auditor
- Proven risk assessment and problem solving skills
- High ethical standards and level of discretion
- Available to business trips (almost 50% of time)
- BS degree (or equivalent) and minimum of 4 years of IT related experience
- Bachelor Degree in Environmental Engineering, Management Engineering, Humanities or Social Sciences
- At least 1-year experience in social, environmental and security audit within structured companies or auditing firms