Granite Background & History
Granite is one of the premier communications services providers to businesses across the United States and Canada. We provide exceptional customized service with an emphasis on reliability and outstanding customer support, and our customers include over 85 of the Fortune 100. Granite has over $1.4 billion in revenue with more than 2,000 employees and is headquartered in Quincy, MA just off I-93 and directly next to the North Quincy T Station on the Red Line. Our mission is to be the leading telecommunications company wherever we offer services as well as provide an environment where the value of each individual is recognized and where each person has the opportunity to further their growth and achieve success.
Granite has been recognized by the Boston Business Journal as one of the "Healthiest Companies" in Massachusetts. Our Quincy office has an onsite dining facility and a fully equipped state-of-the-art gym that offers daily CrossFit, Mixed Martial Arts, and Yoga classes available to employees at zero cost.
Granite's philanthropy is unparalleled with over $200 million in donations to organizations such as Dana Farber Cancer Institute, The ALS Foundation and the Alzheimer's Association to name a few.
We have been rated one of the "Fastest Growing Companies" by Inc. Magazine for the past ten consecutive years (2007-2016).
If you are a highly motivated individual who wants to grow your career with a fast-paced and progressive company, Granite has countless opportunities for you.
General Summary of Position:
Granite has an immediate need for a Security Auditor to review, assess, report on and recommend security changes based on findings. The Security Auditor will play a critical role in Granite's move to achieve SOC-2 compliance and FISMA moderate and high level certifications. This person will report to the EIS Information System Security Manager.
The right candidate will be a self-starter, able to work independently or as a team member. Must be able to thrive in a fast-paced environment and learn new technologies quickly. This is a growing company where you will be able to have a significant impact on our internal processes and get a chance to add directly to the goals of the organization.
Duties and Responsibilities:
* Plan, execute and lead security audits across Granite, including the EIS environment and the Commercial environment, per SSP security controls.
* Inspect and evaluate information systems, management procedures and security controls
* Evaluate the efficiency, effectiveness and compliance of operation processes with corporate security policies and related government regulations
* Develop and administer risk-focused exams for IT systems
* Review or interview personnel to establish security risks and complications
* Execute and properly document the audit process on a variety of computing environments and computer applications
* Assess the exposures resulting from ineffective or missing control practices
* Accurately interpret audit results against defined criteria
* Weigh the relevancy, accuracy and perspective of conclusions against audit evidence
* Provide a written and verbal report of audit findings
* Develop rigorous "best practice" recommendations to improve security on all levels
* Work with management to ensure security recommendations comply with company procedure
* Collaborate with departments to improve security compliance, manage risk and bolster effectiveness
* Actively participate in all EIS Security Meetings.
* BA/BS degree in computer science, networking, accounting, finance or a related field, or sufficient experience in public accounting, internal auditing, or other field that would provide the same basic knowledge.
* A minimum of four years operational IT audit experience in an environment that provides exposure to sophisticated information systems audit techniques, network security, technology infrastructure, software development and project management.
* Knowledge of TCP/IP and Tenable Nessus Scanning Platforms
* Knowledge of SIEMs/logging platforms, preferably LogRhythm
* Knowledge of CIS Benchmarks and Remediation
* Understanding of concepts related to information systems audit, including security and control risks such as logical and physical access security, change management, information security, business recovery practices and network technology.
* Strong analytical ability, including network and network systems design, capacity planning, operations methodology, error detection/resolution techniques, quality assurance techniques, and IT implementation and management methodologies.
* Familiarity with NIST 800-53 security controls, FISMA and FedRAMP system categorizations and related security controls.
* Ability to gather data, compile information, and prepare reports.
* Ability to perform control reviews on systems development, operation, programming, control, and security procedures and standards.
* Familiarity with SOC 2.
* Demonstrated ability to work independently while contributing to the success of the team
* Minimal travel
* Ability and willingness to attain GSA Public Trust-2 clearance.
About Granite Telecommunications
Granite Telecommunications is a communications services provider for businesses with multiple locations.