Job Description

Locations

• Austin, Texas, United States 78727
• Cupertino, California, United States 95014

Salary

Skills Required

• evaluating technology risk areas from multiple perspectivesintermediate
• executing projectsintermediate
• proposing thoughtful and practical solutionsintermediate
• navigating complex environments technicallyintermediate
• navigating complex environments organizationallyintermediate
• highly motivated self-starterintermediate
• thrives in ambiguityintermediate
• thrives in dynamic environmentsintermediate
• lead complex audit projectsintermediate
• lead complex assessmentsintermediate
• identify risk areasintermediate
• scoping technical projectsintermediate
• executing technical projectsintermediate
• delivering technical projectsintermediate

Required Qualifications

• 7+ years experience in performing highly technical audits/assessments or leading or developing technical risk and compliance programs for engineering and security organizations. (experience, 7 years)
• Bachelor’s degree in Computer Science, Engineering, or related discipline, or commensurate experience (experience)

Preferred Qualifications

• Strong knowledge and hands on experience in the operation of technology practices and controls, including but not limited to: applications and infrastructure, threat and vulnerability assessments, change management, release management, access management, data center operations, third party cloud, asset management, networks and firewalls, data privacy, artificial intelligence and machine learning, databases, business continuity, disaster recovery, third party risk management, and emerging risk areas. (experience)
• Demonstrated proficiency in conducting reviews (e.g., audits, assessments, etc.) of highly technical areas including current/emerging technologies and key components of technology solutions such as networks, firewalls, operating systems, applications, databases, cloud services, data and information security, infrastructure, third party risk management, etc. (experience)
• Familiarity with public/private/hybrid cloud concepts (e.g, GCP, AWS), IaaS, PaaS and SaaS Services (compute, storage, network, security, administration, automation, application services, databases) in either native cloud or hybrid-cloud environments. (experience)
• Understanding of key infrastructure including micro-services architectures, Git, Infrastructure-as-a-code, Kubernetes, CI/CD frameworks. (experience)
• Strong knowledge and experience with compliance and regulatory standards (e.g., DMA, DSA, PCI, ISO, Sarbanes Oxley, SOC 1, SOC 2, HIPAA, GDPR, etc.). Ability to understand new regulatory standards and develop approaches to evaluating compliance against these standards and frameworks. (experience)
• Experienced in utilizing large scale data environments to develop analytics or methods for monitoring risk areas and evaluating control performance. Experience in developing scaleable continuous monitoring solutions is highly preferred. (experience)
• Knowledge and understanding of software engineering languages (e.g., Python, SQL). (experience)
• Ability to get things done, experience in delivering end-to-end projects timely with a high degree of quality. Proven ability to work well on a team, as well as independently, with limited supervision. (experience)
• Self-starter, exceptionally curious, can navigate ambiguity and challenges consistently, adapts well to change, and enjoys working in a dynamic environment. (experience)
• Highly collaborative. You possess a strong ability to work collaboratively as a member of the team and with cross-functional partners on detail oriented projects. (experience)
• Effective at seeing around corners and identifying/anticipating risk areas and the ability to navigate the organization to trigger thoughtful conversations (experience)
• Excellent project management and organizational skills. (experience)
• Ability to develop and deliver effective presentations to audiences and tailoring the message to the appropriate level, excellent communication skills, and ability to clearly articulate the impact of technical details to non-technical audiences. (experience)
• SAP knowledge and experience is a plus. (experience)
• CISSP and CISA certifications are preferred but not required. (certification)

Responsibilities

• The Internal Audit Department is seeking a Lead Engineering and Security Auditor who possesses a broad and diverse skillset to lead complex audit projects and assessments from start to finish. In this role, you will leverage your experience and expertise to actively identify risk areas and be a key contributor to the development of our plan. You will also play a crucial role in scoping, executing, and delivering a portfolio of technical projects. This is a high-visibility role on a small team that will provide you an opportunity to contribute to the organization’s control environment while also gaining exposure to many business areas.

Tags & Categories