IT Auditor
About us:
LogRhythm, a Thoma Bravo company, is a world leader in NextGen SIEM, empowering thousands of enterprises on six continents to successfully reduce cyber and operational risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. LogRhythm’s technology serves as the foundation for the world’s most modern enterprise security operations centers (SOCs), helping customers measurably secure their cloud, physical, and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm NextGen SIEM Platform has won countless customer and industry accolades.
Who we are looking for:
LogRhythm is looking for an IT Auditor who will build the program, operationalize it, and ensure that we meet the requirements set forth by our external auditors, certifying bodies, and our contractual agreements, all while meeting customer expectations of a security company. This critical position will report directly to the Chief Security Officer.
Here’s an overview of the responsibilities & challenges ahead:
This position gives you the ability to learn and interact with all facets of the corporate security and information technology programs. You’ll gain experience on the administrative side of security, related to governance, risk, and compliance. You’ll also gain experience on the technical side of security working with the information technology, security, development, and development operations teams. It’s an opportunity to validate and improve information security for an information security company.
- Develop, operationalize, and execute the internal audit program (processes, procedures, scheduled cadence, reports, plans, etc.)
- Collaborate with internal and external stakeholders, such as information security, information technology, marketing, product management, engineering (product security), devops teams (SaaS security), and external audit partners
- Create and deliver reports, metrics, and plans for both internal and external stakeholders
- Provide business and IT management with guidance on risk management matters: business continuity, disaster recovery, vendor management, change management, etc.
- Conduct audits and control assessments to validate compliance with ISO27001, NIST, SOC2 (COSO), GDPR, Privacy Shield, state privacy regulations, FIPS/Common Criteria, other certifying bodies, and the contractual agreements with our customers
- Consult with governance, risk, and compliance teams to implement policies and procedures
- Identify weaknesses in technology systems and architecture and ensure those are remediated
- Present audit findings to executive management
- Work directly with and be the liaison for our external auditors
Required Skills:
- Previous internal or external audit experience, especially working with technology companies
- Strong understanding of technology and security frameworks and regulations: ISO27001, NIST, SOC2 (COSO), GDPR, Privacy Shield, FIPS/Common Criteria, etc.; understanding of HIPAA, PCI, and FedRAMP would be a plus
- Strong written and verbal communication skills and previous experience with audit reporting
- Experience translating business requirements with standards, practices, and organizational processes to best determine risk to the business
- Knowledge of IT systems, applications, data and the general controls that protect them
- Knowledge of governance, risk, and compliance and how that relates to IT audit
- Experience interacting with external auditors and the certifying processes
- Experience working with software development teams
- Certifications are a nice-to-have (CISA, CIA, CPA, CISSP, CISM, etc.)
- Degree or equivalent experience in finance, accounting, legal, risk management, business administration, or computer science
Workplace equality & inclusion are not just words or topics for LogRhythm; they are part of our core values and beliefs, and integral to our company culture. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors. LogRhythm was built on the principles of innovation, dedication, creativity, and commitment. It is through these key areas that we were able to grow as an equal and inclusive workplace, one where our employees feel respected and safe.