Job Analyst (Data/Business/Application)

Information Systems Audit Analyst

About the job

The Red Hat Information Risk and Security team is looking for an Information Systems Audit Analyst. In this role, you will ensure that the Red Hat IT portfolio is consistent with documented company policies and standards and help ensure this alignment through the analysis, assessment, and validation of security, system, and application controls. You will also lead conversations with process, application, and system owners to develop and maintain process flows, documentation, and associated risks for emerging systems and environments. As an Information Systems Audit Analyst, you will report to the head of the IT Compliance team and serve in an internal testing and reporting capacity to the senior IT leadership. You won’t deal directly with a privacy audit, but you will coordinate with privacy auditors. Successful applicants must reside in a country where Red Hat is registered to do business.

What you will do

Promote adherence to Red Hat’s controls framework including coordination of management reviews

Monitor the adequacy and effectiveness of internal control, accuracy and completeness of reporting, compliance with laws and regulations, and timely remediation of deficiencies for SOX 404 and operational audits

Assist senior IT leadership in the prioritization and realization of remediation efforts of these findings

Provide support for management reviews and audits

Consult and advise in the development of relevant IT policies, standards, and guidelines to address evolving risks, best practices, and business needs

Develop and maintain positive working partnerships with stakeholders to address risk while meeting business needs

Provide periodic updates to the senior IT leadership in written, in-person, or virtual forums

3+ years of experience in IT SOX compliance, business controls, or audit role

Familiarity with risk management processes, including methods for assessing and mitigating inherent and residual risk using STRIDE or similar methodologies

Technology audit skills, including understanding of IT processes and system architecture, as well as understanding of infrastructure components like network devices, firewalls, and Linux operating systems

Ability to document and express system and control deficiencies in a risk-based context

Excellent logical thinking skills; passionate about solving challenging problems

Excellent written and verbal communication skills; ability to convey information effectively and professionally to a wide variety of technical and non-technical audiences

Knowledge of industry-standard and organizationally accepted analysis frameworks like COBIT, NIST CSF, CIS, ISO 27001, SOC 2, PCI DSS, and FedRAMP

Proven record of working in a position of trust

Ability to work as part of a globally distributed team using multiple communication methods to facilitate collaboration, e.g., chat, voice, video, or email

Familiarity with privacy principles, laws, and regulations, like General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA)

The following are considered a plus:

CISA or ISO Auditor or a similar qualification

Industry certifications like Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified Information Systems Security Professional (CISSP) qualification or working toward professional membership in this field; other relevant information security exams will be considered, e.g., Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC), etc.