Audit Analyst - Third Party Risk Cyber Security Auditor (Audit Hiring Event)

Description

AUDIT HIRING EVENT: APPLY BELOW TO BE CONSIDERED FOR AN ON-SITE INTERVIEW ON EITHER TUESDAY, MARCH 4TH OR WEDNESDAY, MARCH 5TH.

About the Role

The Audit Department is responsible for providing internal auditing services that include reviewing business processes, systems, and operations, as well as examining tenants and contractor records. Reporting to the Inspector General and the Board of Commissioners Audit Committee, the Department's mission is to bring an independent, systematic, and disciplined approach to evaluating and improving the effectiveness of internal control and risk management.

The Audit Department is looking for highly skilled individuals to join their team in support of the mission - to enhance and defend the integrity of the Port Authority's programs and operations. Reporting directly to the Manager the duties of this position are highly confidential and involve the handling of sensitive documentation. The selected candidate is expected to maintain confidentiality and discretion.

• Demonstrate the ability to work in a fast-paced environment.

• Conduct risk assessments of third-party vendors.

• Perform vulnerability scans of third-party environments and analyze the scan data.

• Identify and evaluate third-party's cybersecurity controls and ensure compliance with Port Authority policies, standards, and guidelines as well as industry best practices.

• Articulate risks and control weaknesses as well as identify potential options for remediation or compensating controls.

• Execute Cybersecurity and IT audits in accordance with professional standards, including data gathering, analysis, preparation of workpapers and summarizing the results of the audit for technical audits.

• Bachelor's degree in Information Systems, Computer Science or related fields.
• Minimum of (1) year experience in risk management, auditing and/or a cyber-related position is preferred.
• Demonstrated ability to exercise good judgement and discretion in handling confidential information.

• Thorough understanding of IT risk and mitigation strategies.

• Thorough understanding of internal controls practices and system controls

• Knowledge of professional auditing standards (IIA/ISACA) and knowledge of CIS Top 20, COBIT, NIST, PCI, ISO, HIPAA, CJIS, COSO frameworks as well as Cloud Security Alliance Cloud Controls Matrix

• Ability to utilize scanning tools and make conclusions.

• Ability to read and analyze system configurations.

• Have strong organizational skills as well as effective oral and written communication skills.

• Strong attention to detail and ability to closely follow defined processes.

• Ability to meet deadlines, work independently and prioritize work.

• Ability to effectively build relationships and interact with internal and external partners at all levels.

• Knowledge and willingness to learn standards, PA policies and procedures.