Cybersecurity Assurance Analyst (Audit)
About the role
The Cybersecurity Assurance Analyst (Audit) is responsible for coordinating and executing a variety of compliance audit controls to ensure compliance with Information Security Policy, industry standards, and various compliance standards. This role supports multiple compliance programs and involves managing the execution of multiple security controls validations simultaneously with specific deadlines.
Responsibilities
- Manage the execution of multiple security controls validations simultaneously with specific deadlines.
- Manage the assigned compliance program to successful completion each year.
- Manage scope and project timelines and assist in managing the project budget.
- Manage day-to-day vendor relationships and assist with vendor evaluations (or Requests for Proposals) as needed.
- Suggest improvements to the compliance and audit control processes.
- Document execution of information security controls and any findings identified during the control validation cycle.
- Consult with control owners such as system administrators, database administrators, application owners and others on developing complete and repeatable control processes including control documentation such as procedures, control evidence, narratives, control matrices, metrics reports, etc.
- Develop an understanding of each compliance standard and the validation requirements to satisfy the standards, including any policies, rules and regulations or laws governing the area reviewed.
- Communicate potential control gaps to management along with suggested remediation.
- Educate and train process owners on compliance obligations.
- Maintain and monitor progress of remediation steps on identified control deficiencies.
Requirements
- Bachelor's degree with 6+ years of experience or Master's degree with 4+ years of experience.
- 2-3 years practical experience with controls validation and compliance testing of CMMC audits, SSAE 16, AT-101 (SOC 1 / SOC 2), PCI, ISO, HIPAA, Privacy, NACHA, or SOX IT General Computer Controls auditing or similar audit experience.
- Professional/technical certifications such as CISA, CISSP, GSEC, or CISM or willingness to pursue.
Qualifications
- Strong communication skills to facilitate working with internal customers of a wide variety of audiences.
- Excellent organizational skills to ensure that the necessary documentation is retained for review by other organizations as appropriate.
Skills
- Experience with controls validation and compliance testing of CMMC audits, SSAE 16, AT-101 (SOC 1 / SOC 2), PCI, ISO, HIPAA, Privacy, NACHA, or SOX IT General Computer Controls auditing or similar audit experience.
- Ability to develop and document control processes and procedures.
- Knowledge of compliance standards and the validation requirements to satisfy the standards, including policies, rules and regulations or laws governing the area reviewed.
Benefits
Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing. We are committed to providing equal employment opportunities to all persons regardless of protected statuses. We do not tolerate unlawful discrimination in any employment decisions, including recruiting, hiring, compensation, promotion, benefits, discipline, termination, job assignments or training.
Pay
This information reflects the anticipated base salary range for this position based on current national data. Individual pay is based on skills, experience and other relevant factors.
Schedule
This is a remote opportunity open to candidates located anywhere in the U.S.
Equal Opportunity Employer
We are committed to providing equal employment opportunities to all persons regardless of race, color, ancestry, citizenship, national origin, religion, veteran status, disability, genetic characteristic or information, age, gender, sexual orientation, gender identity, gender expression, marital status, family status, pregnancy, or other legally protected status (collectively, “protected statuses”).