Develops IT, cybersecurity and privacy audit programs and special consulting projects leads audit testing and CAP reviews and delivers audit reports to audit management

Lead and/or participate in complex information technology audits of IT areas to assess the adequacy of internal controls and compliance with Company and departmental goals, objectives and standards

Perform and document audit activities utilizing a comprehensive audit approach (policies, procedures, processes, controls and measures) to address financial, compliance, IT and operational risks in accordance with professional standards

Researches and interprets governmental laws, regulations, and compliance requirements for review

Job Specifications

Typically has the following skills or abilities:

Bachelor's degree in management information system or computer science or engineering, or related field or equivalent experience.

6 years of hands-on technical information security/privacy experience.

One existing certification (or equivalent) from each of the following categories, which must be currently maintained and valid.
General Audit Certification: Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE)

IT Audit Certification: Information Technology Infrastructure Library (ITIL), Certified Information Systems Auditor (CISA), Certified in Risk and Information System Control (CRISC), Certified in Risk Management Assurance (CRMA), Certified in Governance of Enterprise IT (CGEIT), Cisco Certified Network Associate/Professional (CCNA, CCNP)

IT Security/Privacy Certification: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Quality Security Assessor (QSA), Payment Card Industry Professional (PCIP), Certified Ethical Hacker (CEH), Microsoft Certified Professional/Security Engineer (MCP, MCSE)

Expert-level knowledge of security principles and technologies with
5+ years of hands-on experience in information technology systems and security assessments or security by design testing

Big four or equivalent regulatory compliance consulting experience applying broad risk and threat assessment methodology experience across information technology, security, privacy and business

Demonstrated leadership skills in identifying and analyzing regulatory, security and privacy vulnerabilities in the following:
* Finance regulatory compliance testing such as NAIC/MAR, SOX, EHNCA, ICFR or equivalent.
* Information technology compliance testing such as ISO27001/2013, COSO, AICPA/SOC(I,II,III) or equivalent.
* Information security compliance testing such as CMS ARS, CIS, CSA or equivalent.
* Information privacy compliance testing such as HIPAA (45 CFR), GDPR, CCPA, NYCRR or equivalent.
* GRC frameworks such as NIST (800-36), ISO (27k series), COBIT, ITIL, GAAS or equivalent.
* Compliance crosswalk methodologies and models such as SCF, CCF, UCF, RMF, HITRUST or equivalent.

Proven leadership with multiple cross-functional teams in a deadline-driven environment

Excellent written reporting and presentation skills

Ability to travel approximately 25% of the time

Clean credit history as reported by credit report

Preferred Skills

IT Auditor experience within internal/external audit team

#LI-REMOTE

#LI-VISIONCARE

Compensation range for the role is listed below. Applicable salary ranges may differ across markets. Actual pay will be determined based on experience and other job-related factors permitted by law. As a part of the compensation package, this role may include eligible bonuses and commissions. For more information regarding VSP Vision benefits, please.

Notice to Candidates: Fraud Alert - Fake Job Opportunity Solicitations Used to Collect Fees/Personal Information.

We have been made aware that fake job opportunities are being offered by individuals posing as VSP Vision and affiliate recruiters.to learn about our application process and what to watch for regarding false job opportunities.

As a regular part of doing business,VSPVision ("VSP")collects many different types ofpersonal information, including protected health information, about ouraudiences, includingmembers, doctors,clients, brokers, business partners,andemployees. VSP Vision employees will have access to this sensitive personal information and are subject to follow Information Security and Privacy Policies.