Corsica Technologies | Expert IT Services for Business

Audit & Compliance Services Analyst

Job Title
Audit & Compliance Services Analyst
Job ID
27430342
Work From Home
Yes
Location
Augusta, GA 30904
Other Location
Description

The Analyst of Audit and Compliance Services is an integral part of the Security Operations Center. Overall, the position is responsible for planning and performing audits of client general systems and application controls, IT (Information Technology) processes, project management, and risk management activities. The objective is to leverage knowledge and expertise to provide clients with unbiased findings that aim to mitigate client risk and align them with industry best practices.

LOCATION: Candidates may work from home during the pandemic but will be office-based when facilities re-open at one of our offices in Augusta, GA; Fort Wayne, IN; or Centreville, MD.

Responsibilities 

  • Works to understand the current Corsica Technologies' Cybersecurity offerings and how they could mitigate client risks. 

  • Able to consult on matters of policy language and implementation, with the ability to write policy documents when necessary. 

  • Serve as a Subject Matter Expert (SME) in interpreting compliance requirements with a focus on HIPAA, PCI DSS, and CJIS requirements.  

  • Perform systems/applications integrated audits and project management reviews. 

  • Execute external audit procedures and develop audit work papers and audit reports reflecting the results of work performed. 

  • Follow up and perform validation of remediation activities to ensure control issues are effectively resolved when applicable. 

  • Stay abreast of best practices, laws, rules, and regulations impacting institutions and ensure that the changes are incorporated into the independent assessment process performed.

  • Report audit findings and make recommendations for correcting unsatisfactory conditions. 

  • Maintain effective working relationships with the members of the audit staff. 

  • Ensure that audit work conforms to policies and procedures. 

  • Perform special reviews of projects if necessary. 

  • Work with other members of the Audit staff as necessary to complete tasks as handed down by management. 

  • Assist clients when necessary in understanding and completing SAQ documents or other compliance documents when requested. 

  • Aid in setting up and managing training programs for clients where applicable. 

Competencies and Qualities 

  • Able to conduct Risk Assessments that align with Scopes of Work or, when custom scopes are utilized, able to translate those requirements into an acceptable deliverable. 

  • Able to understand client needs and communicate those needs in practical terms. 

  • Able to evaluate information regarding HIPAA and PCI DSS against current best practices and client systems. 

  • Maintain quality service by following organization standards. 

  • Work with a team, communicate effectively, and have high attention to detail. 

  • Meet client and company expectations for attendance, quality, and expertise.   

  • Use time effectively and keep detailed notes in the company ticketing system.

  • Strong written and oral communication skills. 

Must be committed to our core values, the Corsica Way:

  • Customer Focused – We are nothing without our clients. 

  • Operationally Excellent – Strive for perfection. Obtain Excellence. 

  • Relational and Compassionate – Support our clients' missions through friendly service. 

  • See things through to completion – Take the first step and finish what you start. 

  • Integrity - always do the right thing – Do the right thing, even when no one is looking. 

  • Committed to the team – Strive to meet your personal, team, and Company goals. 

  • Accountable to one another and our clients – We are counting on you and so are our clients.  

Education, Experience, and Certifications 

Required 

  • Minimum 2-3 years in IT audit or consulting role. 

  • Minimum 2-year degree in information systems or equivalent. 

  • Must have either the CISA or CISSP and must be able to obtain and pass the certification not held at the time of hire within 2 years.   

  • Developed knowledge of Auditing Standards as put forth by ISACA, IIA, and others. 

Preferred 

  • 2-3 years of Penetration Testing Experience 

  • Offensive Security Certified Professional (OSCP)

  • GIAC Certified Penetration Tester (GPEN)

  • GIAC Web Application Penetration Tester (GWAPT)

  • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)

  • or comparable certifications
