Senior Security Control Assessor
Heredia, Heredia, cr
1 day ago

Senior member of the Control Assurance team reporting to the Information Security Control Assurance Testing Manager.

May lead or support independent, comprehensive assessments of the management, operational, and technical security controls employed within processes or IT systems to determine the overall effectiveness of the controls.

Tasks / Responsibilities

  • Contribute to the planning of control tests, including risk identification, sampling, selection of controls, testing methods and reporting criteria.
  • May lead control testing teams to perform design and operating effectiveness testing of information security controls, including fieldwork, testing and reporting activities.

  • Provides peer review for control testing documentation produced during testing and acts as Quality Assessor for tests they may lead, ensuring the accurate and timely completion of all the required control testing documentation.
  • Will identify and document control deficiencies including root causes, risk descriptions, consistent issue ratings and recommendations for improvement.
  • Is involved in creating and presenting reports of control testing findings to the testing stakeholders, including the socialization of any findings.
  • May be the primary contact with business stakeholders for the control tests they lead, and is responsible for the quality of control testing engagements and stakeholder communications, including regular status updates.
  • Contributes to the efficiency of the control testing program by ensuring that KPIs are measurable, that testing materials are standardized, and that stakeholder feedback is captured to facilitate continual improvement.
Qualifications

Experience / Knowledge / Skills / Abilities / Qualifications

  • 3+ years’ experience performing IT Audit or Information Security control assessments.
  • Bachelor’s degree in computer science, management information systems or relevant field or equivalent demonstrable experience.
  • CISA, CISM, CISSP, PCI QSA, ISO Lead Auditor or comparable certifications preferred.
  • Knowledge of cybersecurity principles and organizational requirements relevant to confidentiality, integrity, availability, authentication and non-repudiation.
  • Knowledge of governance, risk, and controls principles
  • Good collaboration and interpersonal skills
  • Skills in verbal and written communication
  • Skill in preparing plans and related correspondence
  • Skill in determining the protection needs of information systems, processes and networks
  • Skill in conducting reviews of systems
  • Skill in performing impact / risk assessment
  • Skill in performing root cause analysis
  • Skill in managing expectations and demonstrating commitment to delivering quality results
  • Ability to apply critical reading / thinking skills
  • Ability to answer questions in a clear and concise manner
  • Ability to ask clarifying questions
  • Ability to facilitate small group meetings
  • Ability to collect, verify, validate and analyze test data
  • Ability to translate data and test results into evaluative conclusions
  • Ability to exercise judgement when controls are not well defined