IT Auditor at LogRhythm
Senior IT Auditor
LogRhythm is a world leader in NextGen Security Information and Event Management (SIEM), empowering organizations to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. Our platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. Among other accolades, LogRhythm is positioned as a Leader in Gartner’s SIEM Magic Quadrant. We are based in Boulder, CO with offices in Maidenhead UK, Australia, Singapore, Germany and The Netherlands.
LogRhythm is looking for a Senior IT Auditor who will build the program, operationalize it, and ensure that we meet the requirements set forth by our external auditors, certifying bodies, and our contractual agreements, all while meeting customer expectations of a security company. This critical position will report directly to the Chief Security Officer.
This position gives you the ability to learn and interact with all facets of the corporate security and information technology programs. You’ll gain experience on the administrative side of security, related to governance, risk, and compliance. You’ll also gain experience on the technical side of security working with the information technology, security, development, and development operations teams. It’s an opportunity to validate and improve information security for an information security company.
- Develop, operationalize, and execute the internal audit program (processes, procedures, scheduled cadence, reports, plans, etc.)
- Collaborate with internal and external stakeholders, such as information security, information technology, marketing, product management, engineering (product security), devops teams (SaaS security), and external audit partners
- Create and deliver reports, metrics, and plans for both internal and external stakeholders
- Provide business and IT management with guidance on risk management matters; business continuity, disaster recovery, vendor management, change management, etc.
- Conduct audits and control assessments to validate compliance with ISO27001, NIST, SOC2 (COSO), GDPR, Privacy Shield, state privacy regulations, FIPS/Common Criteria, other certifying bodies, and the contractual agreements with our customers
- Consult with governance, risk, and compliance teams to implement policies and procedures
- Identify weaknesses in technology systems and architecture and ensure those are remediated
- Present audit findings to executive management
- Work directly with and be the liaison for our external auditors
- Previous internal or external audit experience, especially working with technology companies
- Strong understanding of technology and security frameworks and regulations: ISO27001, NIST, SOC2 (COSO), GDPR, Privacy Shield, FIPS/Common Criteria, etc.; understanding of HIPAA, PCI, and FedRAMP would be a plus
- Strong written and verbal communication skills and previous experience with audit reporting
- Experience translating business requirements with standards, practices, and organizational processes to best determine risk to the business
- Knowledge of IT systems, applications, data and the general controls that protect them
- Knowledge of governance, risk, and compliance and how that relates to IT audit
- Experience interacting with external auditors and the certifying processes
- Experience working with software development teams
- Certifications are a nice to have (CISA, CIA, CPA, CISSP, CISM, etc.)
- Degree or equivalent experience in finance, accounting, legal, risk management, business administration, or computer science
LogRhythm is proud to be an equal opportunity employer. We are committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, genetic information, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or Veteran status.