innovitusa

Cybersecurity Engineer Job at innovitusa in Des Moines

innovitusa, Des Moines, IA, United States, 50319

Hiring: W2 Candidates Only

Visa: Open to any visa type with valid work authorization in the USA

Responsibilities

  • Evaluate the design and implementation of vendor cybersecurity controls against contractual and industry standards.
  • Collect and analyze evidence such as security policies, system configurations, logs, and access records.
  • Conduct interviews with vendor personnel to assess security practices and governance.
  • Perform control testing and sampling to verify the effectiveness of technical and administrative safeguards.
  • Identify gaps, deficiencies, or non-compliance in vendor controls and assess associated risks.
  • Prepare audit reports summarizing findings, risks, and recommended corrective actions.
  • Track remediation efforts and validate closure of audit findings.
  • Coordinate with internal stakeholders to ensure vendor risks are communicated and addressed.

Candidate Skills and Qualifications

  • 8 Years - Required - Cybersecurity frameworks and compliance: Proven experience auditing controls against NIST, ISO 27001, PCI-DSS, or SOC 2 standards, with working knowledge of current data protection laws, regulatory compliance, and third-party risk management practices.
  • 8 Years - Required - Technical IT auditing: Strong ability to evaluate security controls such as network protection, identity access management, endpoint security, and incident response across modern IT environments.
  • 5 Years - Required - Communication and reporting: Experienced in drafting audit reports, presenting findings to executive and legal stakeholders, and engaging vendors constructively.
  • 5 Years - Required - Analytical and investigative thinking: Demonstrated ability to identify security gaps, assess risk impact, and make sound evidence-based recommendations.
  • 4 Years - Required - Third-party / vendor risk auditing: Hands-on experience conducting cybersecurity audits of external vendors, including due diligence, contract compliance, and risk assessments.
  • 3 Years - Required - Policy and documentation review: Skilled at reviewing and validating security documentation, procedures, and control implementation for accuracy and completeness.
  • 3 Years - Preferred - Cloud cybersecurity auditing: Experience auditing vendor environments hosted in AWS, Azure, or Google Cloud, including cloud-native controls and shared responsibility models.
  • 3 Years - Preferred - Incident response and breach assessment: Familiarity with analyzing vendor incident response plans, reviewing past breaches, and evaluating remediation practices.
  • 3 Years - Preferred - Contract interpretation and SLA compliance: Ability to interpret legal and technical language in vendor contracts to ensure proper implementation of SLAs, IT, and cybersecurity obligations.
  • 2 Years - Preferred - Government or regulated industry experience: Background in auditing technology vendors serving courts.
  • 2 Years - Preferred - Presentation to executives: Experience summarizing technical findings for non-technical audiences, including C-suite executives or legal counsel.
  • 1 Year - Preferred - Certifications: At least one relevant certification (CISA, CISSP, CRISC, or ISO 27001 Lead Auditor).

Employment Type

Full Time