Cybersecurity Internal Audit Analyst
Within Octane’s Risk Governance and Operations team, the Cybersecurity Internal Audit Analyst will be responsible for auditing IT, Security Engineering and other functions to attest to their compliance with our cybersecurity and privacy regulations, as well as cybersecurity frameworks and external audits. In this role, the Analyst will require extensive knowledge of the cybersecurity domains and processes in order to evaluate the design and effectiveness of processes and controls.
This role reports to the Director of Security and Resilience.
In the course of audits, the Analyst will need to navigate SaaS systems, data sets and reports. To efficiently execute the assigned tasks, we plan to automate whenever possible. We will favor candidates with technical skills in order to implement part of this automation.
Responsibilities:
- Audit management
- Provide guidance in defining purpose and scope of audits
- Provide guidance in defining the audit methodology
- Assess workload for planned audits
- Identify need for additional discussions with auditees to clarify processes and controls - Lead the evidence gathering
- Document clear and thorough output of auditees interviews
- Assess design and effectiveness of controls
- Document and report gaps in design and effectiveness of controls
- Make recommendations to close gaps in design and effectiveness of controls Responsibilities: Reporting
- Provide guidance in building reports to present to Risk leadership on the status of technology risk and compliance issues based on assessment results and information from various monitoring and control systems
Responsibilities:
- Keep abreast of IT-Security projects and activities
- Identify important efficiency gains in evidence gathering and controls testing - In collaboration with supervisor, implement scripts based on identified efficiency gains
Skills:
- Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity or another related field.
- 2+ years of work experience in Audit, Risk, and/or Compliance.
- Very good verbal and written communication
- Ability to articulate complex technical issues in simplified terms to the relevant staff/business teams
- Ability to synthesize a variety of data points, problem solve, and formulate remediation actions for processes and controls
- Substantial experience working on at least one of the following frameworks/audits: NIST CSF, ISO 27001, SOX, CCPA, SOC2
- Basic programming skills - python, powershell or other scripting language
- Ability to work independently with limited supervision
- Experience working with GRC tools
Benefits
- Robust Health Care Plans (Medical, Dental & Vision)
- Generous Parental Leave
- Up to 5 weeks PTO (self-managed)
- Retirement Plan (401k) with Company contribution
- Educational Assistance/Tuition Reimbursement up to $3K/year
- Life Insurance (Basic, Voluntary & AD&D)
- Short Term / Long Term Disability & Life insurance
- Pre-Tax Commuter Benefits
Octane Lending is an equal opportunity employer committed to providing equal employment opportunity without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or any other protected status with respect to recruitment, hiring, promotion and other terms and conditions of employment
#LI-AR1
#LI-Hybrid