Audit Project Manager for Security and Compliance
- Organize and lead security and compliance projects such as PCI, ISO 27001, and SSAE-18: Develop and manage plans for audit pre-planning, execution, remediation, and post-remediation validation.
- Manage the annual audit calendar
- Coordinate and schedule meetings with auditors and points of contact (POCs) during audits; ensure efficient use of the time
- Manage the audit evidence
- Develop internal processes and workflows that focus on security and/or compliance
- Make recommendations to change policies as the business or regulatory environment evolves
- Work with product and engineering teams, staying current on new products, and providing input on potential security and privacy requirements
- Work with the Information Security and Privacy team members to understand the company’s information security and privacy risk profile, in order to do audit planning
- Assist in planning and executing ad hoc security and privacy audits.
- Work cross-functionally on technology implementation projects to validate controls and meet Information Security and Privacy requirements
- Be meticulously organized
- Be able to anticipate the needs of the auditors and the teams producing evidence
- Know the ins and outs of PCI and ISO 27001, and what’s required to get through such audits
- Be good at working on several projects simultaneously
- Be independent and self-motivated
- 3 or more years of experience with internal audit with a focus on Information Security and Privacy
- Have PMO experience on audit management
- BA/BS or equivalent experience
- Demonstrated experience with project management practices and managing audit projects through their lifecycle.
- Communication skills, interpersonal skills, and presentation skills that allow effective interactions with business partners
- Working knowledge of audit participation in systems development/change management projects, including experience with ensuring information security and privacy control requirements are included in the system/process design and adequately tested prior to going into the production environment.
- CISSP or CISA or CISM certifications a plus
- Understanding of e-commerce, cloud computing, web technologies and security architecture