Auction.com is the nation's leading online real estate marketplace focused exclusively on the sale of residential bank-owned and foreclosure properties via online auctions and live trustee sale events. By offering access to exclusive properties and technology designed to seamlessly connect buyers and sellers, Auction.com empowers residential real estate investors and financial institutions to achieve optimal, mutually beneficial results - to go beyond the bid.
Assists with planning, organizing, and implementing GRC efforts pertaining to IT Security, Disaster Recovery, and Audit functions related to all company Information Systems. Ensures that facilities, data systems and databases are protected according to recognized Industry Standards and in conformance with Bank Client contractual requirements, including regulatory standards where applicable. Responsible for assisting the INFOSEC Department, and IT Engineering in general, in applying sound Information Assurance practices for reliable audit metrics pertaining to IDS/IPS, WAF/WAN/LAN Firewalls, Systems and Network Administration and Software Engineering security best practices within the SDLC.
ESSENTIAL DUTIES AND RESPONSIBILITIES:
Duties and responsibilities that occupy a major portion of time and importance in the job will include one or more of the following:
Coordinates with the various Engineering Teams gathering essential systems reports to be used to establish metrics for INFOSEC department review and evidence for audits.
Works alongside INFOSEC personnel evaluating metrics regarding the effectiveness and efficiency of existing security control measures, in order to provide the appropriate assurance results for audits.
Performs auditing and monitoring analysis of policies, systems, and procedures to verify compliance with established security policies, notifying appropriate individuals of observed violations.
Identifies gaps in protection and compliance, recommending solutions to remediate or mitigate the risks associated with the protection gaps.
Works with staff at all levels in the organization, vendors and contractors to ensure protections are effective, efficient and non-disruptive to the appropriate duties, rights and mission of the individuals within the various business organization(s).
Assists with documentation regarding all inquiries related to alleged security breaches as well as maintaining internal in-scope policies and procedures and evidence preparation for audit questionnaires.
Assists and advises staff regarding department appropriate security and disaster recovery procedures.
May assist with maintaining training and awareness programs to ensure data owners, custodians and users are aware of their responsibilities.
May make written and oral presentations on security issues.
Bachelor's degree in Computer Science, Information Systems or related field; or equivalent experience.
Minimum six years' Information Security & Audit experience within a business computing environment, Banking/Financial or Real Estate environment helpful.
Excellent communication, interpersonal and project management skills.
Experience with all or most of the following information security technologies:
o Active Directory
o Intrusion detection/prevention systems (IDS/IPS)
o Web filtering
o Vulnerability scanners
o Encryption technologies for data at rest and data in transit
o Mobile device and removable media protection or management systems
o Forensic analysis
o Security Information and Event Management (SIEM) systems
o Common Vulnerabilities and Exposures (CVE) databases
o Network Access Control
Familiarity with the following IS principles:
o Data center environmental and physical security controls;
o IT operations, including service availability management, system monitoring and batch processing;
o Change, problem & incident management;
Familiarity with risk assessment and risk management concepts or processes.
Experience with: networking and network security, database principles, security architectures.
Working knowledge of various regulatory and standards body security requirements - particularly:
o GLBA, NIST, ISO 27001/27002, SOC (SSAE 18).
Ability to work independently, relying on experience and judgment to plan for and accomplish goals.
Thorough knowledge of IT security principles and practices and the ability to evaluate the effectiveness and efficiency of existing security control measures.
Currently held Certification: CISA preferred, equivalent acceptable (e.g., GIAC or CRISC).
To all recruitment agencies: Auction.com does not accept agency resumes unless you are part of our preferred partner network. Please do not forward resumes to our jobs alias, Auction.com employees or any other company location. Auction.com is not responsible for any fees related to unsolicited resumes.
Ten-X is a company providing an online real estate marketplace for real estate assets, serving a variety of customers.