Automate manual tasks around Security Assurance and Audits. Participate in planning, scheduling and preliminary analysis for all internal and external audit projects. Coordinate audit activities, including notifying all affected parties of audit timing, scope, objectives, approach and deliverables, and scheduling with them. Work closely with external auditors and internal audit teams on managing and supporting the audits. Identify, document, and map technology processes and internal controls of applicable technology infrastructure and operational areas per the scope of the audit project. Perform risk assessments of technology infrastructure and operational processes and controls for assigned areas. Complete audit testing, inquiry, observation and other analysis required to meet objectives of audit projects. Keep existing policies and procedures aligned with audit and security requirements. Communicate progress and results of the audit throughout the audit engagements. Develop value-added recommendations to deal with issues identified during assigned audits and draft audit reports to formally communicate the results of the audit and related recommendations. Monitor implementation of outstanding audit recommendations and validate their implementation. Request and review vendors' auditing documentation to ensure alignment with Cloud Ops internal controls and provide assessments and recommendations.
Internal or external audit experience with Big 4 Audit Firms. Ability to quickly acquire and apply knowledge of changing technologies implemented. Good understanding of audit process/methodology, and risk management/advisory ability. Experience in using a risk-based audit approach in evaluations of and recommendations for management processes.
Passion for technology, information security, and how Facebook protects and delivers services to its 2+ billion users. Does not take a check-the-box mentality to security compliance. Excellent communication, attention to detail, and project management skills a must. Experience and passion for working with fragmented data to report meaningful metrics and identify actionable insights. Strong understanding of one (1) or two (2) of the following security compliance frameworks, controls, and best practices: AICPA Trust Principles (SSAE 16/18 - SOC 2 and 3), ISO 27000 Series, OWASP Top 10, PCI DSS, SANS CIS Critical Security Controls, regulations governing personally identifiable information (PII/PHI - HIPAA/HITRUST), and other applicable regulatory compliance frameworks. Experience working with security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc. Ability to work independently and collaboratively across various levels cross-functionally. Strong desire to learn and continuously deepen technical skills. Security consulting experience or related professional services/consulting background strongly preferred.
Bachelor's in computer science, computer engineering, or business technology preferred; however, candidates with highly relevant industry experience will also be considered. Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, GISO, GCIH, CIPP.