Purpose

The Internal Auditor works within the Information Security Department to identify and recommend specific measures to improve Afiniti’s overall security posture based on risk appetite and compliance with contractual requirements and standards.

Key Responsibilities
  • Develop a good understanding of Afiniti’s business, application, and deployment processes.
  • Work as part of a global team to execute due care and due diligence audits for Afiniti.
  • Perform planning, assessment, and testing phases of audit projects covering various IT governance, information security, application control, and operational activities
  • Prepare and document all audit work papers in accordance with internal audit standards
  • Work with the Director of Internal Audit to develop concisely written audit issues and recommendations in business terms for inclusion in audit reports to management
  • Evaluate management’s remediation plans for sufficiency to address the root cause
  • Perform issue validation to ensure the sustainability of management’s remediation efforts, once implemented
  • Participate in the development, implementation, and maintenance of policies, objectives, and short- and long-range planning
  • Develop and implement projects and programs to assist in the accomplishment of established goals.
  • Support third-party IS assessment process for Afiniti.
  • Understanding of ISO 27001 and PCI DSS standards.
  • Serve as an independent advisor by supporting the GRC team in policy modification, procedure development of ISO 27001, PCI DSS, and internal security baselines per emerging business requirements.
  • Participate in and develop awareness training for various internal teams on security requirements for evidence gathering on ISO 27001 and PCI DSS audits.
The ideal candidate will have
  • 5-10 years of IS/IT audit experience
  • Ability to develop a good understanding of Afiniti's business, application, and deployment processes
  • Strong knowledge and understanding of internal audit standards and practices
  • Clear, complete, and thorough understanding of ISO 27001, NIST, PCI DSS standards and other applicable standards/regulations
  • Ability to work independently across all phases of audit execution, including making value-added recommendations to the Director of Internal Audit for inclusion in audit reports to management, evaluating remediation plans for sufficiency and performing validation activities to support issue closure.
  • Proven experience in risk management, with a strong knowledge of risk management and internal control standards and best practices
  • Working knowledge of emerging industry and technology trends
  • Liaison with the external auditors and third-party InfoSec assessors
Education & Qualifications
  • Bachelor of Engineering (or higher) in Computer Sciences or related disciplines
  • Professional security certifications (CISSP, CISM, CISA)
Salary & Package

In addition to a competitive base salary, dependent on the number of years of experience, we offer corporate benefits.