Senior IT Auditor

Job Description

Job Summary

We are seeking a candidate to join our global Enterprise Risk and Assurance Services (ERAS) Team. Teradata’s Internal Audit provides financial, operational, information systems and value-added audit and consulting services to the Company on a global basis. The ideal candidate will be part of a team focused on building relationships with key Company leaders, assessing risks, acting as a consultant as needed on process design and optimization as well as documenting, assessing and testing IT processes and controls across the Company. This candidate must possess a strong personality because they will have heavy interactions with local, regional and corporate leadership at all levels of management.

Key Responsibilities

• Lead and execute audits related to a variety of IT business activities, processes, and operations
• Counsel and guide business partners in identifying risks and potential risk mitigation alternatives commensurate with the risk identified and consistent with Company established risk appetite
• Develop and execute thorough audit programs and document related work to evaluate internal controls related to IT risks, operational activities, and compliance requirements
• Ensure compliance to guidance, standards and regulations such as the Payment Card Industry Data Security Standards (PCI-DSS), ISO 27001/27002, NIST Special Publications, FIPS, FedRAMP, and other Federal regulations and policies.
• Demonstrate strong interpersonal skills, including oral and written communications, listening, interviewing, fostering open communications, facilitating and influencing
• Work directly with internal business partners to assist in the identification and assessment of potential security risks, and establish risk owners, ratings, and management action plans.
• Using the NIST Risk Management Framework, conduct assessments of information security controls in order to measure the effectiveness of controls and identify control gaps.
• Work directly with technology and business partners to assess whether security controls adequately safeguard data
• Prepare detailed and summary reports of assessments, remediation plans, including customized reports, as needed

Work Environment

Travel is estimated at approximately 5-10% annually. The candidate for this senior level project consultant will be based remotely, with an expectation of periodic travel to our corporate offices (San Diego, Atlanta) or location specific audits / projects (potentially international travel).

Basic Qualifications

• 3+ years of experience in IT audit, information security, and compliance and internal / external audit experience
• Bachelor’s Degree in Computer Science, IT, Information/Cyber Security or other relevant business discipline from an accredited college or university.
• Experience with relevant security and risk management frameworks (NIST Risk Management Framework, NIST Cyber Security Framework, CIS Critical Security Controls, etc.)
• Strong understanding of public cloud infrastructure architecture and security controls
• Detailed understanding of internal auditing standards & requirements, as set out by IIA
• Experience with assisting/preparing risk assessments, audit programs and work paper documentation
• Experience with global data protection and privacy laws (e.g. GDPR, CCPA)
• A good understanding of technologies and controls including hosts, databases, networking, and applications
• Ability to effectively work and collaborate with technical and non-technical resources
• Demonstrated proficiency in the following areas: multi-tasking, critical thinking; and the ability to work quickly, efficiently, and accurately in a dynamic and fluid environment.
• Travel up to 15% annually, and ability to travel internationally
• Excellent communication skills (both written and oral)

Preferred Qualifications

• Internationally recognized auditing qualification such as CIA, CISA, CISM, or CISSP.