Information Security and Compliance Specialist

Work collaboratively with internal Idera technology stakeholders regarding technology controls reviews and assessments. The scope of these activities will include participating with any related teams on a consultative basis. ● Design, test, and document controls related to compliance with AICPA Trust Principles (SOC2) and ISO 27001 and 27701 requirements; ● Gather audit evidence from company stakeholders to provide to assessors, coordinate scheduling of meetings between assessors and company stakeholders for audits; ● Plan and execute internal and external audits to assess and evaluate potential technology risks and controls issues; ● Curate audit findings into management reports and provide recommendations to stakeholders regarding remediation or mitigation of identified risks; ● Work collaboratively to drive Idera’s risk management program which includes the identification, assessment, tracking and reporting of technology risks and status; ● Execute continuous audit testing program and refine controls to support Testing automation; ● Coordinate pentest scheduling with DevOps team and third-party or internal penetration testing team, vulnerability scans with Product Management and DevOps, and remediation of any findings with applicable teams; ● Assist with risk assessments of third-party vendors; ● Any other infosec-related compliance tasks identified. Experience Required: Experience with SOC 2 Type 2 and ISO 27001 and 27701 audits (must Have or obtain at the time of hire - ISO 27001 internal auditor certification), performing internal audits (user access reviews, risk assessments; evaluating findings of penetration tests and vulnerability scans). Apply tot his job Apply To this Job