Audit Manager | On-Site, Arizona
united states • Audit • Full-Time
MegaplanIT is a Security Testing, Compliance Assessment & Managed Security (MDR) firm specializing in over 48 technically advanced services designed to protect cardholders and other sensitive data, secure in-scope networks, systems & web/mobile applications to ensure that organizations are both secure and compliant. MegaplanIT’s growth derives from providing our clients with quality service and consistent communication to ensure that we have exceeded their Security & Compliance needs while delivering on-demand support to bolster their defense against tomorrow’s cyber threats.
Headquartered in Scottsdale, AZ, we are looking to add an experienced PCI Qualified Security Assessor (QSA) to our growing team.
The Audit Manager provides security assessments and consulting services to a wide range of clients against industry standards such as SSAE-18 SOC 1 & 2, PCI DSS, ISO, HIPAA, and NIST. The Audit Manager prepares executive and technical level reports for clientele detailing the assessment findings, including any security gaps, and helps to identify solutions to improve the client’s security posture. This is a remote position with minimal travel requirements.
The role of the Audit Manager in executing management testing and being able to provide direct reports technical expertise and training. The Audit Manager will need to demonstrate superior organizational skills as there is a high volume of work. The work will need to be executed within established department policies, procedures, standards, and protocols.
- Provide practical recommendations for information security and governance around a diverse range of technologies and compliance drivers which include ISO, PCI, and HIPAA
- Perform comprehensive technical audits such as SSAE-18 SOC 1 & 2, PCI DSS, ISO 27001/27002, NIST 800-53/171/CSF, and HIPPA Security for MegaplanIT Holdings, LLC clients
- Provide Trusted Advisory Services as well as Policy and Procedure Development during audit engagements
- Develop reports that detail compliance gaps for all assessments, including risk severity level, systems impacted, business risk summary, and recommendations for remediation
- Create roadmaps to achieve full compliance before a formal audit via gap assessment techniques with prioritized remediation steps, estimated work efforts, and associated timelines
- Manage and drive evidence gathering for all standards’ requirements and advise clients on how to achieve compliance
- Review Deliverables with clients, guide remediation activities and provide advisory services that could be of benefit concerning industry trends around achieving and maintaining compliance (i.e., technical solutions)
- Serve as a Subject Matter Expert, providing knowledge and assistance in a broad range of security, risk, and compliance fields
- Assist Business Development/Sales team by answering operational and technical questions related to but not limited to SSAE-18 SOC 1 & 2, PCI DSS, PCI SLC, PCI SSF, ISO27001/27002, Policy and Procedure, Penetration Testing, and HIPAA compliance.
- Support security practice offerings in pre-sales and post-sales roles
- Assist with developing and managing internal and external delivery processes, procedures, and methodologies
- Develop and maintain positive relationships with client personnel
- Maintain high morale by contributing to an effective, positive work environment
- Ability to guide oneself through a professional development process, including timely completion of reviews and goal setting for additional training and certification
- Deliver work that meets or exceeds expectations based on a strong understanding of the client’s business and needs
- Maintain effective communication between other consultants, management, and client stakeholders
- Participate in industry conferences and professional organizations
- Provide additional value for clients by offering constructive insights and consultative advice based on personal experience with the client, their industry, established standards, and leading practices
- Demonstrate a high level of commitment to client success as shown by responding promptly to changes in client expectations both professionally and effectively.
- Knowledge of SSAE-18 SOC 1 & 2 regulations with an emphasis on testing requirements, auditing in administrative services, and basic accounting principles
- Professional certifications (e.g., CPA, CIA) and/or an MBA along with demonstrated technical abilities in select areas (regulatory compliance, security, privacy, cyber security, etc.) are preferred
- Abilities in select areas (e.g., accounting, regulatory compliance, etc.) are preferred
- Able to multi-task and work independently with minimum supervision to meet client deadlines
- Must be flexible, proactive, quick to learn, and possess a can-do attitude
- Excellent written and oral communication skills with the ability to express their thoughts clearly, know how to listen, and be able to contribute to a team environment
- Proven experience conducting enterprise risk and security assessments
- Ability to conduct IT audits about policies, process and procedure design, and information security aspects of privacy and regulatory compliance standards
- Be able to communicate compliance, information security, and technology issues clearly to business and technical clientele
- Pass criminal background check
- Possess sufficient information security knowledge and experience to conduct technically complex security assessments
- Possess a minimum of one year of experience in each of the following information security disciplines:
- Application security
- Information systems security
- Network security
- Possess a minimum of one year of experience in each of the following audit/assessment disciplines:
- IT security auditing
- Information security risk assessment or risk management
- Minimum of 5 years of previous experience conducting assessments
- Experience in SSAE-18 SOC 1 & 2 work is preferred
- Candidates should have previous management experience
- Full Time
- The compensation Range for this role is based on the national averages. The actual salary offer will be based on the experience and expertise of the successful candidate