
IT Security Auditor

Looking to hire your next IT Security Auditor? Here’s a full job description template to use as a guide.

About Vintti

Vintti is a specialized staffing agency that believes diversity is the catalyst for innovation. We connect US-based SMBs, startups, and firms with exceptional talent from Latin America, fostering a rich tapestry of cultural perspectives within American businesses. Our unique position allows us to handpick professionals who not only possess the required skills but also bring fresh ideas and global insights to the table. Vintti's services go beyond filling positions; we enrich company cultures and expand business horizons on an international scale.

Description

An IT Security Auditor is tasked with evaluating and ensuring the integrity and security of an organization's information systems. This role involves the systematic examination of IT infrastructure, policies, and operations to identify vulnerabilities, ensure compliance with regulations, and implement best practices for safeguarding data. The auditor's responsibilities include conducting risk assessments, analyzing security protocols, and recommending enhancements to mitigate potential threats. Through detailed audits and comprehensive analysis, the IT Security Auditor plays a crucial role in protecting an organization's digital assets and maintaining robust defenses against cyber threats.

Requirements

- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.
- Certified Information Systems Auditor (CISA) certification.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification preferred.
- Minimum of 3-5 years of experience in IT security auditing or a related field.
- Thorough understanding of security frameworks such as NIST, ISO 27001, and COBIT.
- Strong knowledge of compliance requirements like GDPR, HIPAA, and PCI-DSS.
- Experience with penetration testing and vulnerability assessment tools.
- Proficiency in analyzing and interpreting security audit results.
- Strong understanding of network architectures, firewalls, and intrusion detection/prevention systems.
- Excellent written and verbal communication skills.
- Ability to document complex technical information clearly and concisely.
- Strong analytical and problem-solving skills.
- High level of attention to detail.
- Ability to work both independently and as part of a team.
- Familiarity with disaster recovery and business continuity planning.
- Proven ability to develop and maintain effective professional relationships.
- Experience with security incident investigation and response.
- Ability to train and educate staff on security practices and policies.
- Proficiency in using audit management software and security tools.
- Strong organizational skills and ability to manage multiple priorities.
- Ability to stay current with emerging security threats and technologies.

Responsibilities

- Conduct and assess internal and external security audits.
- Review and evaluate information security policies, procedures, and practices.
- Analyze audit findings and prepare detailed reports.
- Develop audit plans and strategies for thorough examination of IT systems.
- Monitor compliance with security standards and policies.
- Identify security risks, vulnerabilities, and control weaknesses.
- Collaborate with IT departments on security solutions and improvements.
- Investigate and analyze security incidents and breaches.
- Provide recommendations to enhance security measures and mitigate risks.
- Conduct regular reviews of network architectures and infrastructure.
- Test the effectiveness of security controls via penetration testing and vulnerability assessments.
- Stay updated with IT security practices and technologies.
- Train and educate staff on security best practices and policies.
- Verify the integrity and security of data in IT systems.
- Communicate audit results and recommendations to senior management.
- Ensure compliance with laws, regulations, and standards.
- Maintain thorough documentation of audit processes, findings, and corrective actions.
- Assist in developing disaster recovery and business continuity plans.
- Participate in security awareness training sessions and workshops.
- Review and approve security-related changes to IT systems and infrastructure.

Ideal Candidate

The ideal candidate for the IT Security Auditor role will possess a Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field, coupled with a minimum of 3-5 years of hands-on experience in IT security auditing or a closely related discipline. They will hold certifications such as Certified Information Systems Auditor (CISA) and preferably Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM). The candidate will demonstrate a deep understanding of security frameworks like NIST, ISO 27001, and COBIT, and will be proficient in compliance requirements including GDPR, HIPAA, and PCI-DSS. Specializing in penetration testing and vulnerability assessment tools, they will have a robust grasp of network architectures, firewalls, and intrusion detection/prevention systems.

Exceptional analytical and problem-solving skills, attention to detail, and the capacity to document complex technical information clearly will be hallmarks of their profile. The ideal candidate will be a proactive learner, staying abreast of the latest IT security practices and technologies. Strong interpersonal skills will enable them to collaborate effectively with various departments, while their ability to communicate both technical and non-technical information concisely will prove invaluable when interacting with senior management and stakeholders.

They will be resilient under pressure, highly accountable, and demonstrate an ethical approach to their work, fostering a culture of continuous improvement and professional development within the organization. Furthermore, their organizational prowess will allow them to manage multiple tasks and priorities efficiently, while their innovative mindset will drive the development of creative security solutions. Commitment to training and mentoring peers on security practices and policies will set them apart as a leader in the field.

On a typical day, you will...

- Conduct and assess internal and external security audits.
- Review and evaluate the organization's information security policies, procedures, and practices.
- Analyze audit findings and prepare detailed reports documenting your findings.
- Develop audit plans and strategies to ensure thorough and effective examination of IT systems and processes.
- Monitor compliance with established security standards and policies.
- Identify security risks, vulnerabilities, and control weaknesses.
- Collaborate with IT departments to design and implement security solutions and improvements.
- Investigate and analyze security incidents and breaches.
- Provide recommendations for enhancing security measures and mitigating risks.
- Conduct regular reviews of network architectures and infrastructure to identify potential security flaws.
- Test the effectiveness of security controls through penetration testing and vulnerability assessments.
- Stay up-to-date with the latest developments in IT security practices and technologies.
- Train and educate staff on security best practices and policies.
- Verify the integrity and security of data stored within IT systems.
- Communicate audit results and recommendations to senior management and stakeholders.
- Ensure compliance with relevant laws, regulations, and standards such as GDPR, HIPAA, and PCI-DSS.
- Maintain thorough documentation of all audit processes, findings, and corrective actions.
- Assist in developing and maintaining disaster recovery and business continuity plans.
- Participate in security awareness training sessions and workshops.
- Review and approve security-related changes to IT systems and infrastructure.

What we are looking for

- Detail-oriented, with a meticulous approach to identifying security issues.
- Exceptional problem-solving and analytical abilities.
- Strong interpersonal skills for effective collaboration with various departments.
- Proactive and self-motivated to stay current with industry standards and emerging threats.
- High level of integrity and ethical standards.
- Adaptable and flexible in a rapidly changing environment.
- Strong organizational skills to manage multiple tasks and priorities.
- Ability to think critically and strategically about security risks.
- Excellent time management and ability to meet deadlines.
- Strong leadership skills and the ability to train and mentor others.
- Effective communicator with both technical and non-technical stakeholders.
- Persistent and thorough in investigating security incidents.
- Highly accountable and responsible in carrying out their duties.
- Innovative mindset to develop creative security solutions.
- Resilient and able to work well under pressure.
- Detail-focused while also maintaining a big picture view.
- Strong technical aptitude and willingness to continually learn.
- Ability to work both independently and within a team environment.
- High level of curiosity and passion for cybersecurity.
- Committed to continuous improvement and professional development.

What you can expect (benefits)

- Competitive salary range: $80,000 - $120,000 annually
- Comprehensive health, dental, and vision insurance
- 401(k) retirement plan with company match
- Paid time off (PTO) including vacation, sick days, and holidays
- Flexible work hours and telecommuting options
- Employee wellness programs
- Tuition reimbursement and professional development opportunities
- Certification and training support
- Employee recognition and incentive programs
- Life and disability insurance
- Health and wellness programs including gym memberships
- Work-life balance initiatives such as parental leave and flexible scheduling
- Opportunity to work with cutting-edge technologies and innovative projects
- Career advancement opportunities within the company
- Access to employee resource groups and networking opportunities
- Supportive and collaborative work environment
- Company-sponsored events and team-building activities
- Employee assistance program (EAP) for personal and professional support
