Information Security Auditor

The successful candidate will be responsible for the designing, testing, reporting, and maintaining IT General Controls and Application level controls for Andesa Services in support of SOC-1/SOC-2 audits and client service level agreements.

Primary Responsibilities:

  • Coordinate SOC-1 and SOC-2 reviews with external auditors.
  • Drive the Internal Control Questionnaire (ICQ) process designed to assess the design and operating effectiveness of existing SOC-1/SOC-2 controls.
  • Design and execute tests of key IT controls.
  • Assign control activities to “owners” and ensure that they carry out these activities.
  • Educate control owners as appropriate to ensure understanding of controls assigned.
  • Periodically report to management on the state of IT controls including control deficiencies in need of remediation.
  • Provide a sound basis for the “Management Assertion” in the SOC-1 and SOC-2 reports.
  • Respond to client inquires on the SOC-1 and SOC-2 reports – i.e. testing exceptions, control remediation, etc.

Essential Skills:

  • Ability to speak effectively to clients and employees of organization.
  • Ability to create and maintain detailed documentation of control environment using risk/control matrices and flow diagrams.
  • Ability to work independently as well as within a team at a high level.
  • Knowledge of IT Auditing, IT General Controls, IT Application level controls.
  • Ability to design controls in support of achieving control objectives.

Education, Training and Experience

  • Bachelor degree in Auditing, Information Systems or equivalent experience.
  • At least two (2) years relevant work experience (Auditing, IT Controls, etc.)
  • Appropriate professional certification preferred – e.g. CISA.
 
RECENT NEWS

Andesa Services Announces Roy Peterson as Chief Technology Officer

MEDIA COVERAGE

BCTV Features Article on Andesa CEO’s Appointment to Albright Board of Trustees

FROM THE BLOG

Accentuate the Positive