Information Security Auditor (NYUJP00000495)

Posted: 2 months ago

Position Summary:

CISSP or CISA is required !!!

This position is based in the Information Security function under the Office of the CIO. The IT Security Risk Assessment/Auditor professional will be primarily responsible for performing IT Security Risk Reviews of application, system and networking projects and environments to identify, evaluate, and recommend security controls that address information security risk to the University and manage proper control of regulatory requirements.

2. Principal Accountabilities

30% Technical Security Reviews:
• Initiates and performs risk assessment activities including vulnerability assessment and management activities, covering all University business units, including Finance, Research, Health Care, and Educational activities.
• Performs information security reviews related to security maturity and risk management.
• Provides guidance and assistance regarding information security matters such as the interpretation of information security policies and requirements or their applicability to particular situations.
30% IT Compliance Control:
• Researches and deploys tools and strategies to leverage audit results into actionable items; proposes operational improvements to reduce risk.
• Keeps current on compliance requirements in all areas of University activity, including HIPAA,
FERPA, GLBA, PCI, including national and international data privacy laws.
• Ensures alignment with relevant Information Security standards including NIST 800-53, 800-171, ISO 2700x, etc.
30% Reporting & Communication:
• Analyzes data from Information Security functions and provides reports and recommended response actions to Information Security management. Represents Information Security to
other organizations on information security related matters, as assigned. Publishes regular status reports and submits to management.
• Develops assessment and risk metrics, in coordination with overall security reporting.
• Works with Awareness Specialist and Communications to determine and document information
security requirements and controls necessary for the protection of information resources.
• Formerly documents all assessment activity and ensure archiving of documentation in a secure
auditable location as part of the NYU IT Governance process.
10% Risk Management and SOC Support
• Maintains IT risk register, correlating audit and review results, as well as operational information, to determine likelihood and impact of risks. Recommends policy and functional actions to reduce risk.
• Oversees operational tasks supporting information security functions such as intrusion detection and prevention, security event log analysis, management reporting, malware prevention and remediation, encryption, network segmentation, remote access, cloud security, and authentication.
• Supports, maintains, monitors, troubleshoots and enhances security infrastructure tools, methodologies, software, and hardware. Drafts and reviews information security policies,
processes, and procedures.
• Performs related responsibilities as required.

dy>