Audit Project Manager for Security and Compliance


  • Organize and lead security and compliance projects such as PCI, ISO 27001, and SSAE-18: develop and manage plans for audit pre-planning, execution, remediation, and post-remediation validation
  • Manage the annual audit calendar
  • Coordinate and schedule meetings with auditors and points of contact (POCs) during audits; ensure efficient use of their time
  • Manage the audit evidence
  • Develop internal processes and workflows that focus on security and/or compliance
  • Make recommendations to change policies as the business or regulatory environment evolves
  • Work with product and engineering teams, staying current on new products, and providing input on potential security and privacy requirements
  • Work with the Information Security and Privacy team members to understand the company’s information security and privacy risk profile, in order to do audit planning
  • Assist in planning and executing ad hoc security and privacy audits
  • Work cross-functionally on technology implementation projects to validate controls and meet Information Security and Privacy requirements

You should:

  • Be meticulously organized
  • Be able to anticipate the needs of the auditors and the teams producing evidence
  • Know the ins and outs of PCI and ISO 27001, and what’s required to get through such audits
  • Be good at working on several projects simultaneously
  • Be independent and self-motivated

Preferred Qualifications:

  • 3 or more years of experience with internal audit with a focus on Information Security and Privacy
  • PMO experience in audit management
  • BA/BS or equivalent experience
  • Demonstrated experience with project management practices and with managing audit projects through their lifecycle
  • Communication skills, interpersonal skills, and presentation skills that allow effective interactions with business partners
  • Working knowledge of audit participation in systems development/change management projects, including experience ensuring that information security and privacy control requirements are included in the system/process design and adequately tested before going into the production environment
  • CISSP, CISA, or CISM certification a plus
  • Understanding of e-commerce, cloud computing, web technologies and security architecture