Job Description

We have great people here and are looking for more. Come join us - you will love it!

Roles and Responsibility:

The Information Security & Audit Team Leader will complete tasks related to information security project planning and execution, and will:

• Maintain compliance with SOC 2 and assist in the delivery of audit results and remediation activities.
• Work with business and technology partners to plan and execute information security programs in accordance with stakeholder requirements.
• Perform assessments of information security risk and compliance according to existing Information security policies in support of new application development.
• Perform technical assessments of information security in support of new application development.
• Respond to customer inquiries regarding information security within the Sterling RISQ environment.
• Maintain and develop documentation of operational procedures associated with Information Security.
• Drive the SOC 2 effort and manage the day-to-day responsibilities of gathering information, scheduling resources, and getting tasks completed across the organization.
• Manage and handle SOC 2 audit, clients online and on-site audits.
• Assist the external auditors with certain substantive auditing procedures.
• Partner with business leaders to develop and improve policies and procedures.
• Consult on key IT projects and initiatives as needed to ensure the implementation of leading practices and necessary internal controls.
• Evaluate the existing internal controls procedures and identify opportunities to strengthen those procedures.
• Be a team-oriented individual who can effectively work at all levels within the organization, both within the Department and other functions.

Skill and Knowledge

Proven track record of success, consisting of:

• Excellent communication skills. The ability to communicate clearly and effectively, both verbally and in writing is essential to the communication of information security risks.
• Familiar with the use of Information Security tools related to vulnerability assessment and management.
• Advanced understanding of network technology as necessary to effectively evaluate information security risks.
• Advanced understanding of application security technology and its use in the application development process.
• Understanding of information security risk analysis and treatments.
• Experience in risk tracking, risk remediation, and incident response.
• Advanced understanding of application security development lifecycle, including DevOps and Agile methodologies.
• Experience in a sales support role, responding to customer inquiries regarding information security.
• Ability to effectively document information security incidents and remediation actions
• Ability to write new or update existing documentation and policies related to Information Security within the environment.
• Strong technical audit skills (including IT audit /general computer controls familiarity).
• Strong management skills with a proven ability to successfully lead and thrive in a team environment, and ability to build rapport with both team members and our internal clients.
• Have interpersonal skills and confidence to build a trust relationship with your stakeholders to enable you to act as a valued advisor

Follow us:

Equal Employment Opportunities at Sterling
Sterling is an equal opportunity employer and prohibits discrimination based on race, color, religion, creed, national origin or ancestry, ethnicity, sex (including pregnancy, childbirth or related conditions), gender identity and expression, age, disability, citizenship, sexual orientation, military service, genetic information, and any other characteristic protected by law. In addition, Sterling is committed to taking affirmative action to employ and to advance in employment individuals regardless of race, color, religion, creed, national origin or ancestry, ethnicity, sex (including pregnancy, childbirth or related conditions), gender identity and expression, age, marital status, disability, citizenship, sexual orientation, military service and genetic information; and to base all employment decisions only on valid job requirements.

Disclaimer
This job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications required of employees assigned to the job.

Sterling