Technology Audit Architect at Asurion
Posted in Management 12 days ago.
This job brought to you by eQuest
Location: Nashville, Tennessee
The Technology Audit Architect reports to the Director of Audit, Compliance and Risk, within the Global Security Organization. This person will design, implement, and manage Technology Audit Programs to ensure compliance with regulatory and contractual requirements and industry standards (to include PCI and SOC1 in support of the Chief Privacy Officer and Chief Security Officer for the firm). The Technology Audit Architect has demonstrated in past roles the ability to work effectively with very limited supervision in a client facing capacity. The Technology Audit Architect's responsibility will include leading security-related audits and drive compliance and alignment of Technology resources with Security Best Practices.
- Maintain ISA Certification.
- Lead, conduct and complete PCI Attestations on behalf of the company. This will include identifying technical requirements, ensuring communication of these requirements with appropriate Technology staff, auditing and testing the * Technology environment to ensure alignment of capabilities with technical requirements, communication of these audit or test findings with the relevant Technology staff and completion of all reports necessary to complete and submit Asurion's PCI attestation.
- Coordinate and represent Asurion in negotiations with acquiring banks and credit card processors with regards to Asurion's PCI attestation.
- Lead Asurion's response to client audits to include coordination of the collection of audit artifacts, reviewing to ensure adequacy and appropriateness, participating in interviews (both onsite and telephonic) and representing Asurion with the client to ensure our programs are appropriately represented to minimize audit findings.
- Lead proactive audits to educate stakeholders on contractual and regulatory requirements, collect artifacts to ensure compliance with client requirements and readiness for client audits, and identify any gaps so that mitigation strategies can be implemented or risk treatment decisions be made.
- Provide audit preparation training to internal personnel participating in client audits.
- Provide consulting services to the Business and IT.
- Mentor junior auditors.
- Perform other related duties as assigned.
- BA or BS in Computer Science, Management Information Systems, or related field desirable, practical experience plus education and certifications may be considered.
- Ten+ years of progressive experience in computing, audit, information security, risk management including experience with Internet technology, security technology, issue resolution and leading teams in a cross functional, global setting.
- Experience should include Big Four technology auditing, PCI, risk analysis and compliance testing.
- ISA or ability to obtain ISA Certification within first three months required, CISA, CISSP or other security related certifications strongly desired.
- Knowledge of information security standards and controls (e.g., PCI, NIST, ISO 27001, CIS, etc.), rules and regulations related to information security and data confidentiality and desktop, server, application, database, network security principles for risk identification and analysis.
- Strong analytical and problem solving skills are necessary.
- A practiced ability to influence peers, customers and project teams to make security-minded decisions and changes.
- Must be self-directed, organized and have excellent time management skills
- Ability to work in a fast-paced, dynamic environment while maintaining high quality output and a positive working relationship with peers and management
- The ability to operate under ambiguous circumstances, address uncomfortable issues and leverage data to make informed decisions.
- Exceptional teamwork, collaboration and interpersonal skills required
- Excellent communication (oral, written, presentation), interpersonal and consultative skills are required.
- This position requires some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.