Information Security Specialist I

Job Summary

The Information security Specialist will perform continuous SOC 2 compliance monitoring utilizing various systems. The specialist must have experience with SAS 70/SSAE 16/SSAE 18 SOC reporting, third-party security questionnaires, or other commensurate IT Audit/Compliance experience to document controls, gather evidence, perform gap analysis, and drive gap remediation. Specialist should be able to analyze security requirements for company systems/networks to meet SOC 2 requirements. Specialist must serve as subject matter expert for SOC 2 compliance and reporting. Responsibilities will include performing SOC 2 control evidence reviews, providing control exception remediation guidance, and facilitating communication to internal and external stakeholders where necessary.

Essential Job Functions

• Collaborate with IT and security personnel to respond to third-party security questionnaires
• Communicate identified control exceptions to control owners and provide guidance on remediation expectations with minimal oversight. Obtain subsequent evidence showing that deficiency is remediated.
• Provide SOC 2 compliance monitoring status reports on a regular basis.
• Experience with GRC tool methodologies, activities, strategic plan, and roadmap to mature initial implementation.
• Demonstrate ownership of monitoring SOC 2 compliance for assigned systems and associated controls from initiation to completion.
• Build and manage relationships with a wide network of local business and IT front-line stakeholders.
• Meet milestones and timelines for assigned control activities for SOC 2 compliance.
• Participate in IT and cybersecurity audits programs and projects.
• Work with SOC 2 reporting leads to identify, assess, document, and articulate all SOC 2 compliance requirements and activities according to SSAE 18 SOC reporting requirements.
• Guide business and IT team to create, review, and update policies, procedures, standards, and guidelines as needed for SOC 2 compliance.
• Review compliance status for SOC 2 internal controls through evidence review for control compliance on a regular basis to confirm that they would pass the SOC 2 audit and are free of control exceptions with minimal oversight.

Physical Actions

Physical Environment

Education Requirements

Experience Requirements

• Strong project management skills.
• Direct knowledge of and exposure to SAS 70/SSAE 16/SSAE 18 SOC reporting.
• Strong familiarity with governance and controls frameworks, such as COBIT, COSO, ITIL, NIST, and ISO.
• At least 4 – 6 years of external/internal audit experience or prior work experience with a consulting/auditing firm.
• Solid experience in testing, evaluating, and documenting controls for compliance.
• PC skills and hands-on experience building tools and presentations with Microsoft Word, Excel, PowerPoint, Project, and Access.
• Solid understanding of assessing and designing internal controls in an enterprise-level environment.