job summary: AWESOME OPPORTUNITY FOR AN IT CYBERSECURITY AUDITOR IN ATLANTA WITH INDUSTRY GIANT!!! ***Contract or Perm Position
Background:
As part of Phase I, the cybersecurity control library was developed to document key controls, which are primarily 'global' controls in both US and Japan. Control Owners identified where the controls were implemented. Now building on Phase I work, as part of Phase II, the Cybersecurity Control Owner Self-Testing process begins for those controls identified as implemented. This is the first time the controls are being tested; there are 83 controls that will be tested in the US. Control Owners identify individuals from their area to conduct the self-test and to document the results. Test scripts with specific steps to follow to execute the test have already been documented, and Testers are being trained on how to complete the self-testing. Once the Tester finishes the test, the Control Owner then reviews the results for agreement and passes them to the CAP team for first level Quality Assurance.
location: Atlanta, Georgia
job type: Contract
salary: $50 - 55 per hour
work hours: 8am to 5pm
responsibilities: Primary Responsibilities:
· This position would be responsible for providing the following:
o First Level Quality Assurance of the testing documentation, evidence, and other supporting material to:
o Confirm the test conclusion (effective, ineffective) is properly supported and has sufficient evidence.
o Confirm self-test was completed in accordance with Aflac's Cybersecurity Control Testing procedure and Self-Testing template
o Confirm that the population was complete for each control and sample selected met all procedural requirements
o Provide QA results to Aflac regional CAP and other stakeholders as needed (i.e. Control Owners or delegates) to obtain agreement with results. Present and discuss any portions of the test that were not executed correctly or completely, or any part of the test documentation that is inaccurate or incomplete. Resubmissions of testing documentation, evidence, and other supporting material by the Control Owner will need to go through the QA process again until the issues identified through the QA have been corrected.
o May help some with facilitation and tracking of the self-testing process.
· This position will primarily be working with the CAP team, Control Owners, and their designated Testers. The Testers will conduct the actual self-test of the control, will document the steps they followed to test it, will attach supporting evidence, and will indicate the test result. This is a test of both control design and operating effectiveness.
Scope:
· Scope is Information Security/Cybersecurity controls, Physical Security controls, Business Continuity/Disaster Recovery and Crisis Management controls. It also includes some IT related controls such as change management, capacity planning, and system back-ups.
o Examples of controls that will be tested include physical security controls, system access controls, vulnerability scanning, system patching, disaster recovery response, security incident response, security policy and standards, exceptions to policy, security assessments of applications, third parties, and infrastructure, Business Impact Analysis to declare RTO, anti-malware, DDoS controls, etc.
- Bachelor's degree
- A CISA and/or CISSP is desired.
· Typically this would be someone with IT Internal Audit experience who did security control testing or someone with Big 4 experience who did SOX and SOC testing related specifically to ITGC (Information Technology General Controls) testing as well as broader testing to include cybersecurity controls and business continuity/Disaster Recovery.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.