Information Security & Risk Management - Audit Manager
Dublin Permanent Competitive
About the job
Morgan McKinley is on the lookout for a motivated individual to join a growing team and play an integral role in organizing and managing internal and external audits.
The ideal candidate has a strong background in information security risk management programs, a deep understanding of industry best practices and frameworks, and a track record of collaborating across teams on complex projects.
Key Responsibilities:
- Develop audit programs and plans, determine the scope of audit coverage, and manage internal and external audit engagements.
- Oversee the audit process, make recommendations on policies, and ensure compliance obligations are met.
- Coordinate and/or perform audit work, review reports and management responses, and review workpapers for proper support.
- Identify factors causing deficient conditions and provide constructive, practical recommendations for audit findings.
- Support iterative review of assessment results and follow up on the implementation of corrective actions.
- Conduct compliance assessments and internal control testing of critical business processes and systems.
- Identify and manage the implementation of new compliance requirements introduced by changes to regulations and frameworks like ISO 27001, SOC 2, NIST 800-53, and GDPR.
- Contribute to the development of scalable models and tools to improve decision-making and accuracy.
- Assimilate risk and compliance assessment data into concise reports and dashboards for leadership.
Skills and Attributes:
- A self-starter who can drive tasks to completion independently and learn new skills as program requirements evolve.
- Possesses strong business judgment, deep analytical thinking, and the ability to manage multiple responsibilities in a fast-paced environment.
- Strong verbal and written communication skills and a solution-oriented approach.
- Experience with information security frameworks and industry standards such as NIST 800-53, ISO 27001, and COSO.
- Experience performing IT audits and control testing.
- Experience using GRC tools and technologies to support the assessment and audit process.
- Expertise in security control design, development, implementation, and monitoring.
Qualifications:
- Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent work experience.
- CISA, CRISC, CISM, or CISSP certifications are preferred.
If this matches you, please apply or reach out directly for a confidential chat.