Information Security Auditor

The successful candidate will be responsible for designing, testing, reporting on, and maintaining IT General Controls and application-level controls for Andesa Services in support of SOC-1/SOC-2 audits and client service level agreements.

Primary Responsibilities:

  • Coordinate SOC-1 and SOC-2 reviews with external auditors.
  • Drive the Internal Control Questionnaire (ICQ) process designed to assess the design and operating effectiveness of existing SOC-1/SOC-2 controls.
  • Design and execute tests of key IT controls.
  • Assign control activities to “owners” and ensure that they carry out these activities.
  • Educate control owners as appropriate to ensure understanding of controls assigned.
  • Periodically report to management on the state of IT controls including control deficiencies in need of remediation.
  • Provide a sound basis for the “Management Assertion” in the SOC-1 and SOC-2 reports.
  • Respond to client inquiries on the SOC-1 and SOC-2 reports – i.e. testing exceptions, control remediation, etc.

Essential Skills:

  • Ability to speak effectively to clients and employees of the organization.
  • Ability to create and maintain detailed documentation of control environment using risk/control matrices and flow diagrams.
  • Ability to work independently as well as within a team at a high level.
  • Knowledge of IT Auditing, IT General Controls, and IT application-level controls.
  • Ability to design controls in support of achieving control objectives.

Education, Training and Experience:

  • Bachelor's degree in Auditing, Information Systems or equivalent experience.
  • At least two (2) years relevant work experience (Auditing, IT Controls, etc.)
  • Appropriate professional certification preferred – e.g. CISA.