Experience Inc. Jobs

Job Information

TheCollegeBoard Director, Internal Assurance - REQ001955_1-3175 in Chicago, Illinois

This job was posted by https://illinoisjoblink.illinois.gov : For more information, please see: https://illinoisjoblink.illinois.gov/jobs/12527666

Director, Internal Assurance

College Board - Risk Management Division

Location: This is a fully remote role.

Type: This is a full-time position

About the Team

The Information Security Governance Risk and Compliance (ISGRC) team at the College Board collaborates closely with other teams across the organization to assess and certify the security of College Board's information systems and processes. This dedicated team facilitates information security governance and compliance by supporting customer-facing initiatives such as third-party issued audits & certifications (ISO 27001:2022, PCI 4.0, and SOC2), responding to security questionnaires to existing and potential customers, assessing College Board's vendors, reviewing and negotiating contractual commitments to information security, providing disaster response and recovery oversight, testing system strength using industry-recognized frameworks, implementing information security policies, promoting security awareness and training, and testing the acumen of College Board employees through robust and innovative phishing campaigns.

About the Opportunity

In this role you will:

  • Conduct internal audits to assess the effectiveness of security and technical controls

  • Assess and evaluate controls for compliance with frameworks such as ISO27001:2022, SOC2, PCI 4.0, SOX IT General Controls, NIST 800-53 and HECVAT

  • Identify and document control design and operating deficiencies and recommend improvements

  • Collaborate with Technology, Security, GRC and business teams to develop remediation plans

  • Prepare detailed audit reports and present findings to senior management

  • Develop and maintain internal audit programs, procedures, workpapers and annual plans

  • Demonstrate the Internal Audit/Assurance function to external auditors in applicable audit and certification walkthroughs and engagements

  • Stay up to date with industry best practices and regulatory requirements

  • Perform compliance readiness assessments and provide recommendations to Business, Technology and Security partners on identified gaps

About You

You have:

  • Bachelor's degree in information technology, Management Information Systems, or equivalent program required with one or more current Information Security and/or Privacy certifications preferred (e.g., CISA, CRISC, ISO27001 Auditor)

  • 10 or more years of hands-on experience in IT audit, particularly in technology and security controls (e.g., SOC 2 with 5 Trust Services Criteria)

  • Experience leading and managing audits such as SOC2, PCI 4.0, ISO27001:2022, CSA CCM, HECVAT, NIST 800-53, SOX, SOC1, or similar types of audits

  • Familiarity with Information Security principles and knowledge of IT processes (e.g., Access Management, Change Management, Vulnerability Management and Risk Management)

  • Knowledge about risks and controls in Cloud environments such as AWS and Azure

  • Experience in performing control design and operating effectiveness testing for controls applicable to SOC2, ISO27001:2022, PCI 4.0, and SOX IT General Controls frameworks and industry standards

  • Experience managing relationships with auditors and internal cross-functional teams

  • Exceptional knowledge of InfoSec governance practices including risk, audit, policy and standard development, metrics development, and education and training

  • Excellent analytical, verbal, and written communication skills, including the ability to facilitate meetings and presentations both remotely and in-person

  • Strong technical, project management and time management skills are necessary for this role

  • Strong organization and prioritization skills and ability to manage multiple tasks simultaneously, both independently and as a member of the team, including understanding of agile methodologies

  • Adept critical thinking skills, including use and analysis of data to inform decisions and actions

  • A commitment to excellence, an insatiable appetite for continuous improvement, and a constant need to learn and practice

  • Demonstrate high Emotional Intelligence (EQ) to effectively collaborate with diverse teams in a fully remote setting

  • Ability to travel to our Reston or New York office 3-4 times per year

  • Excellent PowerPoint, Word, Excel, and MS Project skills

Proven ability to build r

DirectEmployers