Position Summary:
As an Information Security Auditor within the IS and Compliance team, you'll be responsible for safeguarding internal company data and client data through robust information security, compliance, and risk management programs. You'll manage the development, deployment, and execution of controls and defenses to ensure the security and compliance of our technology infrastructure and data assets. This role involves developing and executing security controls, defenses, and countermeasures to prevent attacks on email, data, e-commerce, and web-based systems, as well as administering policies to control access to systems.
Expected Duties:
-Audit Participation:
Facilitate audit testing for SOC 2, PCI DSS, and SOX compliance, develop and monitor controls, and assist with remediation guidance.
-Cloud & Systems Audits:
Lead audits of cloud environments, information systems, and security tools to ensure adherence to frameworks, laws, and regulations.
-Security Assessments:
Support comprehensive assessments of security controls to determine their effectiveness and ensure they meet security requirements.
-Stakeholder Guidance:
Guide stakeholders on securing systems and liaise with auditors and compliance teams to implement compensating controls.
-Research & Best Practices:
Research best practices and trends in information security, ensure execution of required testing, and lead remediation activities for successful security audits/certifications.
-Identify Weaknesses:
Identify weaknesses in internal controls, provide guidance on improving security compliance processes, and partner with stakeholders to implement solutions.
-Policy Alignment:
Ensure alignment with internal policies and external regulatory requirements, continuously identify process enhancements, and stay current on changing regulatory requirements and industry frameworks.
Qualifications: Knowledge, Skills, and Abilities
-Education & Experience:
Bachelor's degree with 4-6 years of related experience or equivalent work experience.
-Audit Expertise: 3+ years of experience in external/internal audit roles managing and leading AICPA SOC 2, PCI DSS, and SOX audits.
-Framework Knowledge:
Knowledge of industry frameworks and standards such as ISO/IEC 27001:2013, PCI DSS, NIST CSF, and NIST 800-53.
-Security Controls:
Experience implementing and/or assessing IT security controls to meet security, compliance, and audit requirements.
-Certifications:
Possess or be working towards professional security certifications such as CISA, CISSP, CRISC, CCSP, CISM, GIAC, QSA, or similar.
-Consensus Building:
Expertise in building consensus across business partners and technology leaders, and influencing successful outcomes.
-Project Management:
Strong project management and communication skills, including the ability to gather relevant data, work in a team environment, and manage conflict.
-Cloud Assessments:
Experience assessing controls within multi-cloud environments and effectively communicating results to stakeholders.
-Control Documentation:
Assist with documenting control objectives and procedures in areas such as cybersecurity, cloud security, governance and compliance, DevSecOps, data security and protection, incident response, enterprise security architecture, and technology risk management.
-Problem-Solving Skills: Strong business and technical aptitude and problem-solving skills.
-Continuous Learning:
Enthusiasm to learn through structured, on-the-job, and self-directed training.
-Communication Skills:
Ability to communicate security-related concepts to a broad range of technical and non-technical staff.
This role offers an exciting opportunity to ensure the security and compliance of our technology infrastructure and data assets. If you're passionate about information security and risk management, we'd love to hear from you!MeridianLink has a wonderful culture where people value the work they do and appreciate each other for their contributions. We develop our employees so they can grow professionally by preferring to promote from within. We have an open-door policy with direct access to executives; we want to hear your ideas and what you think.
Our company believes that to be productive in the long term, we must have a genuine work-life balance. We understand that employees have families and full lives outside of the office. To that end, we honor their personal commitments.MeridianLink is an Equal Opportunity Employer. We do not discriminate based on race, religion, color, sex, age, national origin, disability, or any other characteristic protected by applicable law.MeridianLink runs a comprehensive background check, credit check, and drug test as part of our offer process.
Salary range of $94,500 - $133,400. [It is not typical for offers to be made at or near the top of the range.] The actual salary will be determined based on experience and other job-related factors permitted by law including geographical location.
Meridianlink offers:
Potential For Equity-Based AwardsInsurance coverage (medical, dental, vision, life, and disability)Robust paid time offPaid holidays401(k) plan with company matchRemote workAll compensation and benefits are subject to the terms and conditions of the underlying plans or programs, as applicable and as may be amended, terminated, or superseded from time to time.#LI-REMOTEApply for this job
