Senior IT Auditor
LogRhythm is looking for a Senior IT Auditor who will build the program, operationalize it, and ensure that we meet the requirements set forth by our external auditors, certifying bodies, and contractual agreements, all while meeting customer expectations of a security company. This critical position will report directly to the Chief Security Officer.
This position gives you the ability to learn and interact with all facets of the corporate security and information technology programs. You’ll gain experience on the administrative side of security, related to governance, risk, and compliance. You’ll also gain experience on the technical side of security working with the information technology, security, development, and development operations teams. It’s an opportunity to validate and improve information security for an information security company.
- Develop, operationalize, and execute the internal audit program (processes, procedures, scheduled cadence, reports, plans, etc.)
- Collaborate with internal and external stakeholders, such as information security, information technology, marketing, product management, engineering (product security), devops teams (SaaS security), and external audit partners
- Create and deliver reports, metrics, and plans for both internal and external stakeholders
- Provide business and IT management with guidance on risk management matters: business continuity, disaster recovery, vendor management, change management, etc.
- Ensure compliance with audit controls related to ISO27001, NIST, FedRAMP, SOC2 (COSO), GDPR, Privacy Shield, state privacy regulations, FIPS/Common Criteria, PCI-DSS, other certifying bodies, and the contractual agreements with our customers
- Consult with governance, risk, and compliance teams to implement policies and procedures
- Identify weaknesses in technology systems and architecture and create plans to ensure those are remediated
- Work directly with and be the liaison for our external auditors
- Previous internal or external audit experience, especially working with technology companies
- Strong understanding of technology and security frameworks and regulations: ISO27001, NIST, FedRAMP, SOC2 (COSO), GDPR, Privacy Shield, FIPS/Common Criteria, PCI-DSS, etc.
- Strong written and verbal communication skills and previous experience with audit reporting
- Experience translating business requirements into standards, practices, and organizational processes to best determine risk to the business
- Knowledge of IT systems, applications, data and the general controls that protect them
- Knowledge of governance, risk, and compliance and how that relates to IT audit
- Experience interacting with external auditors and the certifying processes
- Experience working with software development teams
- Certifications are a nice-to-have (CISA, CIA, CPA, CISSP, CISM, etc.)
- Degree or equivalent experience in finance, accounting, legal, risk management, business administration, or computer science
Salary and Other Compensation
- The annual starting salary for this position is between $90,000-$115,000, depending on experience and other qualifications of the successful candidate.
- LogRhythm offers the following benefits for this position, subject to applicable eligibility requirements.
- 401k plan
- Flexible time off
- Employee assistance program
- Created/Revised Date: May 26th, 2021
- Reporting to: Director of Security
- Location: Boulder, Colorado (will consider US remote working)
- Employment Status: Full Time
- FLSA/Applicable State Law Status: Exempt
Workplace equality & inclusion are not just words or topics for LogRhythm; they are part of our core values and beliefs, and integral to our company culture. We hire the best of the best and do not discriminate based on race, gender, age, religion, sexual orientation, identity, or other personal factors. LogRhythm was built on the principles of innovation, dedication, creativity, and commitment. It is through these key areas that we were able to grow as an equal and inclusive workplace, one where our employees feel respected and safe.
Disclaimer: The salary, other compensation, and benefits information is accurate as of the date of this posting. The company reserves the right to modify this information at any time, subject to applicable law.