Senior IT Internal Auditor (Remote)
About SANS
SANS Institute (SANS) launched in 1989 as a cooperative for information security thought leadership, it is SANS' ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place. We fuel this effort with high quality training, certifications, scholarship academies, degree programs, cyber ranges, and resources to meet the needs of every cyber professional. Our data, research, and the top minds in cybersecurity collectively ensure that individuals and organizations have the actionable education and support they need.
Join the SANS Team
At SANS, our culture is defined by Mission, Brand, People. Our goal is to hire people who understand the importance of continuing to fight against the cyber security threats (Mission) while delivering the highest quality training (Brand) to our students. We want employees whose personal values align well with our culture of fairness, honesty, customer focus, and pragmatic approach (People).
Summary of Position
The Senior IT Internal Auditor will assess and evaluate the effectiveness and efficiency of the organization's IT systems, controls, and processes. This role will conduct audits of IT systems and infrastructure, security controls, and compliance with regulatory requirements, ensuring that IT risks are mitigated, and identifying opportunities for improvements. The Senior IT Internal Auditor will work closely with senior management and IT departments to recommend best practices and solutions to strengthen IT governance and security.
We're looking for a self-starter who is adaptable, detail-oriented, reliable, and possesses excellent communication skills. The ideal candidate will thrive both independently and in a team setting.
Key Responsibilities
- Lead and execute IT audits, including risk assessments, internal control reviews, and compliance testing.
- Evaluate the design and effectiveness of IT controls, policies, and procedures related to data security, IT systems, networks, applications, and continuity.
- Identify and assess IT risks and vulnerabilities, ensuring compliance with industry standards and regulations (e.g., GDPR, NIST, ISO 27001, PCI-DSS).
- Develop audit plans, test procedures, and audit reports, ensuring timely completion of audits and presenting findings to senior management.
- Collaborate with cross-functional teams to assess technology-related risks, compliance, and control effectiveness across various IT domains (e.g., systems, networks, and applications).
- Assist in identifying opportunities for process improvements and implementing cost-effective solutions to address IT control deficiencies.
- Provide guidance to cross-functional teams, ensuring high-quality work and engagement.
- Stay current with IT trends, emerging technologies, and regulatory changes, applying knowledge to enhance audit strategies.
- Perform follow-up reviews on audit recommendations and ensure that corrective actions are implemented effectively.
- Assist with preparing audit documentation and reports for both internal and external stakeholders.
- Other duties as assigned.
Core Skills and Behaviors
- Relationship Building
- Change Leadership
- Business Acumen
- Active Listening
- Effective Communication
- Operational Excellence
- Critical Thinking & Problem Solving
- Influence & Negotiation
- Results-Oriented
- Self-Awareness & Accountability
Skills, Experience, and Education
- Bachelor's degree in management information systems, computer information technology, computer engineering, accounting, or related degree / equivalent experience.
- 5+ years of related experience in privacy, security, or IT audit roles with a focus on privacy or governance risk and compliance operations.
- IAPP Certification (CIPP/E, CIPM, CIPT, or similar) is highly preferred.
- Professional certification (CISA, CSIM, CIA or similar) preferred
- Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- Practical knowledge of multi-jurisdictional data protection laws and regulations, including those in the UK, EU, US, and Canada.
- Proven ability to manage multiple priorities simultaneously and deliver results on time.
- Excellent analytical, problem solving, technical writing, verbal communication, and interpersonal skills.
- Excellent communication skills with the ability to interact with teams, be a thought leader, and drive innovation.
Reporting Relationships
This position reports directly to the Director of Governance and Risk and does not have direct reports.
Work Environment
This is a remote position, so the ideal candidate must be comfortable working independently in a home office setting.
Equal Opportunity Employer
SANS is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or to perform the essential functions of a position, please contact SANS Human Resources.
In addition, all qualified applicants with arrest or conviction records will be considered for employment.
California residents for SANS privacy notice for California job applicants
The base salary range for this position is between $120,000 and $140,000. Base salary ranges may vary by geographic location and relevant experience, education, certifications, and years of experience. There is no guarantee an offer will be at the top of the posted range based on the salary analysis.
In addition, SANS provides the following benefits:
- Medical
- Dental
- Vision
- Short-Term Disability
- 401(k) with company match
- Employee Assistance Program
- Supplemental Life Insurance and AD&D
- Paid Time Off
- Company Paid Holidays
- Volunteer Paid Time Off
Department
Legal
Employment Type
US Employee | Full-Time
Minimum Experience
Mid-level
Compensation
$120,000-$140,000
Apply Now
SANS Institute (SANS) launched in 1989 as a cooperative for information security thought leadership, it is SANS' ongoing mission to empower cyber security professionals with the practical skills and knowledge they need to make our world a safer place. We fuel this effort with high quality training, certifications, scholarship academies, degree programs, cyber ranges, and resources to meet the needs of every cyber professional. Our data, research, and the top minds in cybersecurity collectively ensure that individuals and organizations have the actionable education and support they need.
Join the SANS Team
At SANS, our culture is defined by Mission, Brand, People. Our goal is to hire people who understand the importance of continuing to fight against the cyber security threats (Mission) while delivering the highest quality training (Brand) to our students. We want employees whose personal values align well with our culture of fairness, honesty, customer focus, and pragmatic approach (People).
Summary of Position
The Senior IT Internal Auditor will assess and evaluate the effectiveness and efficiency of the organization's IT systems, controls, and processes. This role will conduct audits of IT systems and infrastructure, security controls, and compliance with regulatory requirements, ensuring that IT risks are mitigated, and identifying opportunities for improvements. The Senior IT Internal Auditor will work closely with senior management and IT departments to recommend best practices and solutions to strengthen IT governance and security.
We're looking for a self-starter who is adaptable, detail-oriented, reliable, and possesses excellent communication skills. The ideal candidate will thrive both independently and in a team setting.
Key Responsibilities
- Lead and execute IT audits, including risk assessments, internal control reviews, and compliance testing.
- Evaluate the design and effectiveness of IT controls, policies, and procedures related to data security, IT systems, networks, applications, and continuity.
- Identify and assess IT risks and vulnerabilities, ensuring compliance with industry standards and regulations (e.g., GDPR, NIST, ISO 27001, PCI-DSS).
- Develop audit plans, test procedures, and audit reports, ensuring timely completion of audits and presenting findings to senior management.
- Collaborate with cross-functional teams to assess technology-related risks, compliance, and control effectiveness across various IT domains (e.g., systems, networks, and applications).
- Assist in identifying opportunities for process improvements and implementing cost-effective solutions to address IT control deficiencies.
- Provide guidance to cross-functional teams, ensuring high-quality work and engagement.
- Stay current with IT trends, emerging technologies, and regulatory changes, applying knowledge to enhance audit strategies.
- Perform follow-up reviews on audit recommendations and ensure that corrective actions are implemented effectively.
- Assist with preparing audit documentation and reports for both internal and external stakeholders.
- Other duties as assigned.
Core Skills and Behaviors
- Relationship Building
- Change Leadership
- Business Acumen
- Active Listening
- Effective Communication
- Operational Excellence
- Critical Thinking & Problem Solving
- Influence & Negotiation
- Results-Oriented
- Self-Awareness & Accountability
Skills, Experience, and Education
- Bachelor's degree in management information systems, computer information technology, computer engineering, accounting, or related degree / equivalent experience.
- 5+ years of related experience in privacy, security, or IT audit roles with a focus on privacy or governance risk and compliance operations.
- IAPP Certification (CIPP/E, CIPM, CIPT, or similar) is highly preferred.
- Professional certification (CISA, CSIM, CIA or similar) preferred
- Strong understanding of risk mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
- Practical knowledge of multi-jurisdictional data protection laws and regulations, including those in the UK, EU, US, and Canada.
- Proven ability to manage multiple priorities simultaneously and deliver results on time.
- Excellent analytical, problem solving, technical writing, verbal communication, and interpersonal skills.
- Excellent communication skills with the ability to interact with teams, be a thought leader, and drive innovation.
Reporting Relationships
This position reports directly to the Director of Governance and Risk and does not have direct reports.
Work Environment
This is a remote position, so the ideal candidate must be comfortable working independently in a home office setting.
Equal Opportunity Employer
SANS is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the application process, or to perform the essential functions of a position, please contact SANS Human Resources.
In addition, all qualified applicants with arrest or conviction records will be considered for employment.
California residents for SANS privacy notice for California job applicants
The base salary range for this position is between $120,000 and $140,000. Base salary ranges may vary by geographic location and relevant experience, education, certifications, and years of experience. There is no guarantee an offer will be at the top of the posted range based on the salary analysis.
In addition, SANS provides the following benefits:
- Medical
- Dental
- Vision
- Short-Term Disability
- 401(k) with company match
- Employee Assistance Program
- Supplemental Life Insurance and AD&D
- Paid Time Off
- Company Paid Holidays
- Volunteer Paid Time Off
Department
Legal
Employment Type
US Employee | Full-Time
Minimum Experience
Mid-level
Compensation
$120,000-$140,000
Apply Now