Senior IT Internal Auditor
at Infoblox Inc.
Security technology is one of the most dynamic and influential industries right now, and you have the opportunity to be a part of it! The Information Security team at Infoblox is seeking a highly motivated, creative, and experienced Senior IT Internal Auditor to build our security compliance audit program. We are a dynamic group that is making monumental changes in the security posture of Infoblox, raising the bar for compliance in areas like cloud computing. We’re also integrating compliance and privacy by design into Infoblox's product architecture and delivery.
The Compliance team works with all areas of Information Technology, Legal and business owners to evaluate risks and improve processes and controls. The InfoSec team works hard, but also takes the time to celebrate accomplishments along the way.
The Senior IT Internal Auditor is responsible for planning and executing complex IT audits, reporting results, maintaining metrics, and ensuring remediation efforts are completed in a timely manner. In addition, they will evaluate general IT controls, review control testing performed by others, and provide support to external auditors. You should have experience developing a comprehensive audit program to evaluate compliance with security policies and procedures. This position requires business acumen as well as substantial technical IT audit experience.
- Plan and execute compliance and security audits in accordance with the Institute of Internal Auditors (IIA) standards
- Develop testing methodologies to evaluate the adequacy of security controls according to NIST Common Security Framework, COBIT, ISO 27001/2, or other enterprise risk frameworks
- Help shape Infoblox’s SOC 2 audit control objectives and system description and manage the audit
- Document both positive and negative compliance findings to assess organizational posture
- Identify control weaknesses and recommend appropriate corrective actions to strengthen controls, ensure compliance with law and policies, and improve operations
- Track gaps identified during external audits or security assessments
- Develop metrics and reports to communicate the current state of compliance and progress towards gap remediation
- Liaise with IT and business process owners to identify compliance concerns and ensure policies and processes are consistently applied
- Stay abreast of process changes and analyze the impact on the overall IT compliance capability
- Prepare and deliver education to internal staff on compliance processes, tools, and techniques
- Create and manage process flow maps and utilize them to identify business control gaps and/or process improvement opportunities
- 7+ years’ experience auditing Information Security controls, including 2+ years in a team lead or management position
- Verifiable experience assessing and improving a comprehensive audit program
- Knowledge of industry standard security compliance controls and evidentiary requirements
- Experience documenting processes and controls, creating process diagrams, presenting findings
- Exhibits the highest standards of personal integrity, trustworthiness, and discretion
- Ability to communicate security best practices to both technical and non-technical audiences
The ideal candidate will possess:
- Recent hands-on experience working with external auditors to develop a SOC 2 system description and controls, successfully completing a SOC 2 Type 2 audit and report
- Familiarity with additional compliance and risk management frameworks, such as FedRAMP, CMMC, ISO 27001, HITRUST, Cloud Computing Security Requirements Guide (SRG), or C5
- Privacy compliance experience – especially GDPR and CCPA
- Experience with cloud data security and auditing public cloud solutions (AWS)
- ITIL Change and Problem Management process experience
- Familiarity with security configuration benchmarking and assessment tools such as DISA STIGs, CIS Benchmarks, Nessus, or Qualys
- Super-user / Administrator experience with a Governance, Risk, & Compliance (GRC) tool such as ZenGRC, Eramba, FusionRM, or Archer
- Interest in learning about new technologies and how to apply an existing policy to them
- The ability to influence change in a matrixed organization
- The Senior IT Internal Auditor must be a US citizen
- Bachelor’s degree in Information Security, Computer Science or related field, or equivalent work experience
- Preferred industry certifications: CISM, CISA, CRISC, CISSP
- Agile or Lean methodology training or experience
- Work with a dynamic Information Security team that is building out a world-class program in a rapidly growing company
- A career path with opportunities to grow
- Discretionary Paid Time Off policy to promote a healthy work/life balance
- And many, many more perks!
It’s an exciting time to be at Infoblox. We are the market leader in technology for network control. Our success depends on bright, energetic, talented people who share a passion for excellence in building the next generation of networking technologies—and having fun along the way. Infoblox offers a fast-paced, action-oriented environment. We promote a culture that embraces innovation, change, teamwork, and strong partnerships. Join the winning Infoblox team—our future looks bright, and so will yours.