Auditor - Risk

As a Risk Assurance Analyst, you will be part of our Global Trust department that covers information security, privacy, and product security risks and certification and will report to the InterSystems Data Protection Officer. You will collaborate with members of the ­­­­­Clinical Risk, Clinical Safety, and Compliance teams to provide risk management and assurance support across InterSystems products, services, and operations.

This is an office based position in Windsor, UK. 

The Risk Assurance Analyst responsibilities will include:

• Risk reporting and technology risks, processes, and controls.
• Investigation of internal control incidents or control failures, including data breach incidents
• Current and emerging technologies which may include cloud services (SaaS, PaaS, IaaS), web development tools, virtualization, UNIX, Linux, Windows, and networking and security technologies.
• ISO 27001/ISO 27002, SOC 2, HITRUST, NIST SP 800-53, CSTAR (CAIQ), ISO 27017/27018/27701, OWASP, SLSA, NIST CSF, and/or other leading business and IT control frameworks.
• Key domains of information technology general controls, including change management, access to programs and data, computer operations and systems development, cybersecurity and resiliency frameworks.
• Identifying key risks and controls, knowledge of privacy/security/risk management controls readiness, controls optimization, including the configuration of controls around security, privacy, business process and within IT environments.
• Investigating control failures including working with internal and external parties for evidence collection and evaluation, root cause determinations, and recommendation development for Plan of Action and Milestone corrective actions.
• Applying internal control principles and business/technical knowledge including information technology general controls and application controls; risk reporting concepts; working experience applying professional skepticism skills.
• Leading the adaption of work programs and practice aids, as well as perform assessments, using relevant tools to evaluate controls, security, SOD, and potential for optimization.
• Exhibiting project management skills, including developing project plans, resource budgets, and deliverables schedules.
• Creating a positive environment while meeting management expectations. This includes providing candid, meaningful feedback in a timely manner and keeping leadership informed of progress.
• Interacting with customers on solutions and reviewing projects on customer engagements (implementations).

Required Qualifications:

• 3-5+ years of auditing or risk management
• Bachelor’s degree in one of the following: Accounting, Finance/Economics, Management, Information Systems, Computer Science, Business, Science, Technology, Engineering & Mathematics and/or other business field of study

Preferred Qualifications:

• Certifications such as CIPM, CISA, GSNA, CRMA, or CCSA
• Experience and knowledge around controls with risk reporting, compliance, and operational processes within an organization as an auditor or business process specialist, including business process and IT management control