To learn more about how Dell Technologies is supporting our communities, customers, partners and team members, please visit our COVID-19 response site.
IT Audit Analyst - Opportunity for Working Remotely
Primary Location: Heredia,
Come be part of VMware’s InfoSec Operations Assurance team! The InfoSec Ops Assurance team focuses on Operational Assurance to increase the InfoSec maturity level at VMware by performing policy, common controls, critical vendor audits and extended support to customer audits.
The InfoSec IT Audit Analyst will be responsible for supporting all InfoSec Operations Assurance related strategies and initiatives that support the company’s core security objectives. The role will provide innovative advice to VMware’s stakeholders by providing risk based and objective assurance services to support regulatory, contractual obligations and process continuous improvements.
Job Role and Responsibilities:
• Responsible for supporting the overall InfoSec Assurance strategy of protecting information assets and data.
• Supports new critical Information Assurance projects and initiatives.
• Supports the ongoing security compliance audits from customers and third-party vendor external information security assessments.
• Participates and supports internal policy assessments including but not limited to policy tests of compliance, effectiveness and developing value-added recommendations to improve internal IT controls and operational efficiency.
• Assess company processes and controls against ISO 27001, 27002, 27017, 27018 and other industry leading frameworks to identify gaps in design and execution and communicate issues and recommendations to control owners.
• Evaluates security practices in terms of risk to the organization and helps identify controls to mitigate loss.
• Work closely with management and business unit leaders, performing necessary due diligence to ensure the business units are correctly following the security policies and practices established by the company.
• Accurately interpret collected evidence to effectively identify, recommend, and report improvement opportunities for processes and controls.
• Properly document, prioritize and execute all security assurance related initiatives.
• Complete other related activities as needed to support corporate objectives.
• Bachelor’s degree in Computer Science, Information Systems, or related field.
• 4+ years of relevant experience in IT Audit, IT Security, Information Risk Management, IT Governance, or other IT Compliance related area.
• Experience working with ISO 27001, 27002, 27017 and 27018 standards and SOC1/2/3 assurance attestations required.
• Have a good understanding of the information technology industry and cloud service models (i.e. Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), etc.) and their related information security requirements.
• Familiarity with most common cloud services providers like Amazon AWS, Microsoft Azure, IBM Cloud, Google Cloud, etc.
• Awareness of current technology solutions from diverse vendors like Microsoft, Cisco, Palo Alto, SAP, Oracle, etc.
• Awareness of SDLC processes and their related information security requirements
• Ability to manage multiple tasks and work under critical deadlines while also producing quality detailed work.
• Basic to intermediate project management skills.
• Fluent in English language.
• Excellent professional written, verbal, listening, and negotiating skills.
• Ability to communicate at different levels with either technical experts, senior level management and current customers.
• Excellent organizational and leadership skills.
• Ability to work well under pressure and in situations of ambiguity.
• Team player, flexible, and able to resolve conflicts.
• Certified Information Services Auditor (CISA), Certified Information Security Manager (CISM), Certified Internal Auditor, Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certificate of Cloud Security Knowledge (CCSK), or any other industry recognized certification.
• Experience working on PCI-DSS, HIPAA and SOX assessments is desirable
• Awareness of process automation and data analysis is desirable.
• Basic development skills and understanding of programming and scripting languages like Python, Bash, Java and Power Shell is desirable.
Category : Engineering and Technology
Subcategory: Information Security
Experience: Manager and Professional
Full Time/ Part Time: Full Time
Posted Date: 2020-09-30
VMware Company Overview: At VMware, we believe that software has the power to unlock new opportunities for people and our planet. We look beyond the barriers of compromise to engineer new ways to make technologies work together seamlessly. Our cloud, mobility, and security software form a flexible, consistent digital foundation for securely delivering the apps, services and experiences that are transforming business innovation around the globe. At the core of what we do are our people who deeply value execution, passion, integrity, customers, and community. Shape what’s possible today at http://careers.vmware.com.
Equal Employment Opportunity Statement: VMware is an Equal Opportunity Employer and Prohibits Discrimination and Harassment of Any Kind: VMware is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at VMware are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. VMware will not tolerate discrimination or harassment based on any of these characteristics. VMware encourages applicants of all ages. Vmware will provide reasonable accommodation to employees who have protected disabilities consistent with local law. Job ID: R2011961