|Location|Reston, VA or Remote|
|Preferred GIAC Certifications|GCIA|
Are you passionate about security in the cloud? Are you looking for a place to put your skills and passion for compliance and risk management to use on the latest cloud-based technologies? Do you enjoy not having the same day twice? If so, Clarabridge is the place for you. We are seeking a Midlevel Security Auditor to join a highly successful team within a fast-paced growth company.
Our security mission: Clarabridge strives for customer confidence and trust by delivering software that provides security and privacy for data protection throughout the customer lifecycle backed by globally recognized standards, compliance, and regulatory drivers.
We are looking for a Security Auditor (midlevel) who is a multi-faceted person with a passion for global audit, compliance, and privacy activities, ensuring administrative, physical and technical safeguards for data protection, including access control, intrusion detection, virus protection, incident response, cloud architecture, cyber, and many other security, privacy, and regulatory considerations. You must possess an excitement for ensuring organizations' processes map to policy, regulatory, and industry best practices for data protection and privacy while showing value to others about this important but often feared organizational imperative.
You will contribute to and/or perform internal audits, third-party audits, and responses to inquiries from external auditors and assessments, as well as analyzing customer security requirements and ensuring the security and privacy program adequately supports the increasing requirements. Additionally, you will contribute to the development and implementation of security and privacy policies and procedures to address regulatory, compliance, and privacy changes.
The Security Auditor reports to the Lead of Audit & Compliance and will have the following responsibilities:
Performing IT, infrastructure, cyber, and software as a service audits related to information security policy, regulations, governance, and other security-related provisions and best practices.
Contributing to audit gap recommendations in software, configurations, policies, procedures, and processes.
Cataloging results, including recommendations, to key stakeholders.
Contributing to developing metrics and reporting key risk indicators.
Contributing to tracking global cross-functional team remediation.
This position requires or prefers the following competencies:
Bachelor's degree with at least two years of relevant technical, business, or project management experience is required.
Experience working with a SaaS vendor is desired, or experience working with cloud service providers will be considered. Big 4 experience working with SaaS companies is a plus.
Knowledge of ISO, HITRUST, PCI, NIST, and SOC.
Privacy (GDPR, CCPA, etc.) experience is desired.
Security+, CISA, or GCIA is required, or the ability to obtain the required certification within six months of hire.
Must know industry-accepted practices regarding systems, networks, and a variety of security concepts, practices, and procedures.
Excellent analytical, communication, and soft skills, with the ability to speak to a variety of audiences about security and compliance matters.
Good written and verbal communication skills are necessary.
Experience with contracts is desired.