Business Summary :
Come be part of VMware’s InfoSec Operations Assurance team! The InfoSec Ops Assurance team focuses on Operational Assurance to increase the InfoSec maturity level at VMware by performing policy, common controls, critical vendor audits and extended support to customer audits.
The InfoSec IT Audit Analyst will be responsible for supporting all InfoSec Operations Assurance related strategies and initiatives that support the company’s core security objectives.
The role will provide innovative advice to VMware’s stakeholders by providing risk based and objective assurance services to support regulatory, contractual obligations and process continuous improvements.
Job Role and Responsibilities :
Responsible for supporting the overall InfoSec Assurance strategy of protecting information assets and data.
Supports new critical Information Assurance projects and initiatives.
Supports the ongoing security compliance audits from customers and third-party vendor external information security assessments.
Participates in and supports internal policy assessments, including but not limited to policy tests of compliance and effectiveness, and develops value-added recommendations to improve internal IT controls and operational efficiency.
Assess company processes and controls against ISO 27001, 27002, 27017, 27018 and other industry leading frameworks to identify gaps in design and execution and communicate issues and recommendations to control owners.
Evaluates security practices in terms of risk to the organization and helps identify controls to mitigate loss.
Work closely with management and business unit leaders, performing necessary due diligence to ensure the business units are correctly following the security policies and practices established by the company.
Accurately interpret collected evidence to effectively identify, recommend, and report improvement opportunities for processes and controls.
Properly document, prioritize and execute all security assurance related initiatives.
Complete other related activities as needed to support corporate objectives.
Required Skills :
Bachelor’s degree in Computer Science, Information Systems, or related field.
4+ years of relevant experience in IT Audit, IT Security, Information Risk Management, IT Governance, or other IT Compliance related area.
Experience working with ISO 27001, 27002, 27017 and 27018 standards and SOC1 / 2 / 3 assurance attestations required.
Have a good understanding of the information technology industry and cloud service models (i.e. Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), etc.) and their related information security requirements.
Familiarity with most common cloud services providers like Amazon AWS, Microsoft Azure, IBM Cloud, Google Cloud, etc.
Awareness of current technology solutions from diverse vendors like Microsoft, Cisco, Palo Alto, SAP, Oracle, etc.
Awareness of SDLC processes and their related information security requirements.
Ability to manage multiple tasks and work under critical deadlines while also producing quality detailed work.
Basic to intermediate project management skills.
Fluent in English language.
Excellent professional written, verbal, listening, and negotiating skills.
Ability to communicate at different levels with technical experts, senior-level management, and current customers.
Excellent organizational and leadership skills.
Ability to work well under pressure and in situations of ambiguity.
Team player, flexible, and able to resolve conflicts.
Certified Information Services Auditor (CISA), Certified Information Security Manager (CISM), Certified Internal Auditor, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), or any other industry recognized certification.
Preferred Skills :
Experience working on PCI-DSS, HIPAA and SOX assessments is desirable.
Awareness of process automation and data analysis is desirable.
Basic development skills and an understanding of programming and scripting languages like Python, Bash, Java and PowerShell are desirable.